No. Time Source Destination Protocol Info 324 6.185647 172.28.186.27 208.117.224.240 TCP aspen-services > http [SYN] Seq=0 Win=65535 Len=0 MSS=1460 WS=2 Frame 324 (66 bytes on wire, 66 bytes captured) Arrival Time: Nov 1, 2008 16:29:53.582609000 [Time delta from previous captured frame: 0.273896000 seconds] [Time delta from previous displayed frame: 6.185647000 seconds] [Time since reference or first frame: 6.185647000 seconds] Frame Number: 324 Frame Length: 66 bytes Capture Length: 66 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Intel_d6:44:84 (00:18:de:d6:44:84), Dst: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Destination: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 172.28.186.27 (172.28.186.27), Dst: 208.117.224.240 (208.117.224.240) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 52 Identification: 0x5804 (22532) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (0x06) Header checksum: 0x8b21 [correct] [Good: True] [Bad : False] Source: 172.28.186.27 (172.28.186.27) Destination: 208.117.224.240 (208.117.224.240) Transmission Control Protocol, Src Port: aspen-services (1749), Dst Port: http (80), Seq: 0, Len: 0 Source port: aspen-services (1749) Destination port: http (80) Sequence number: 0 (relative sequence number) Header length: 32 bytes Flags: 0x02 (SYN) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 65535 Checksum: 0xee5a [correct] [Good Checksum: True] [Bad Checksum: False] Options: (12 bytes) Maximum segment size: 1460 bytes NOP Window scale: 2 (multiply by 4) NOP NOP SACK permitted No. Time Source Destination Protocol Info 325 6.188510 208.117.224.240 172.28.186.27 TCP http > aspen-services [SYN, ACK] Seq=0 Ack=1 Win=17520 Len=0 MSS=1460 WS=0 Frame 325 (66 bytes on wire, 66 bytes captured) Arrival Time: Nov 1, 2008 16:29:53.585472000 [Time delta from previous captured frame: 0.002863000 seconds] [Time delta from previous displayed frame: 0.002863000 seconds] [Time since reference or first frame: 6.188510000 seconds] Frame Number: 325 Frame Length: 66 bytes Capture Length: 66 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Intel_a6:a7:cb (00:02:b3:a6:a7:cb), Dst: Intel_d6:44:84 (00:18:de:d6:44:84) Destination: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 208.117.224.240 (208.117.224.240), Dst: 172.28.186.27 (172.28.186.27) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 52 Identification: 0x6909 (26889) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 60 Protocol: TCP (0x06) Header checksum: 0xbe1c [correct] [Good: True] [Bad : False] Source: 208.117.224.240 (208.117.224.240) Destination: 172.28.186.27 (172.28.186.27) Transmission Control Protocol, Src Port: http (80), Dst Port: aspen-services (1749), Seq: 0, Ack: 1, Len: 0 Source port: http (80) Destination port: aspen-services (1749) Sequence number: 0 (relative sequence number) Acknowledgement number: 1 (relative ack number) Header length: 32 bytes Flags: 0x12 (SYN, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 17520 Checksum: 0xdbf2 [correct] [Good Checksum: True] [Bad Checksum: False] Options: (12 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted NOP Window scale: 0 (multiply by 1) [SEQ/ACK analysis] [This is an ACK to the segment in frame: 324] [The RTT to ACK the segment was: 0.002863000 seconds] No. Time Source Destination Protocol Info 326 6.188565 172.28.186.27 208.117.224.240 TCP aspen-services > http [ACK] Seq=1 Ack=1 Win=183960 Len=0 Frame 326 (54 bytes on wire, 54 bytes captured) Arrival Time: Nov 1, 2008 16:29:53.585527000 [Time delta from previous captured frame: 0.000055000 seconds] [Time delta from previous displayed frame: 0.000055000 seconds] [Time since reference or first frame: 6.188565000 seconds] Frame Number: 326 Frame Length: 54 bytes Capture Length: 54 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Intel_d6:44:84 (00:18:de:d6:44:84), Dst: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Destination: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 172.28.186.27 (172.28.186.27), Dst: 208.117.224.240 (208.117.224.240) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x5805 (22533) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (0x06) Header checksum: 0x8b2c [correct] [Good: True] [Bad : False] Source: 172.28.186.27 (172.28.186.27) Destination: 208.117.224.240 (208.117.224.240) Transmission Control Protocol, Src Port: aspen-services (1749), Dst Port: http (80), Seq: 1, Ack: 1, Len: 0 Source port: aspen-services (1749) Destination port: http (80) Sequence number: 1 (relative sequence number) Acknowledgement number: 1 (relative ack number) Header length: 20 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 183960 (scaled) Checksum: 0xad87 [correct] [Good Checksum: True] [Bad Checksum: False] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 325] [The RTT to ACK the segment was: 0.000055000 seconds] No. Time Source Destination Protocol Info 327 6.195147 172.28.186.27 208.117.224.240 TCP [TCP segment of a reassembled PDU] Frame 327 (590 bytes on wire, 590 bytes captured) Arrival Time: Nov 1, 2008 16:29:53.592109000 [Time delta from previous captured frame: 0.006582000 seconds] [Time delta from previous displayed frame: 0.006582000 seconds] [Time since reference or first frame: 6.195147000 seconds] Frame Number: 327 Frame Length: 590 bytes Capture Length: 590 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp:http] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Intel_d6:44:84 (00:18:de:d6:44:84), Dst: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Destination: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 172.28.186.27 (172.28.186.27), Dst: 208.117.224.240 (208.117.224.240) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 576 Identification: 0x580a (22538) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (0x06) Header checksum: 0x890f [correct] [Good: True] [Bad : False] Source: 172.28.186.27 (172.28.186.27) Destination: 208.117.224.240 (208.117.224.240) Transmission Control Protocol, Src Port: aspen-services (1749), Dst Port: http (80), Seq: 1, Ack: 1, Len: 536 Source port: aspen-services (1749) Destination port: http (80) Sequence number: 1 (relative sequence number) [Next sequence number: 537 (relative sequence number)] Acknowledgement number: 1 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 183960 (scaled) Checksum: 0x61a5 [correct] [Good Checksum: True] [Bad Checksum: False] TCP segment data (536 bytes) No. Time Source Destination Protocol Info 328 6.195243 172.28.186.27 208.117.224.240 TCP [TCP segment of a reassembled PDU] Frame 328 (1514 bytes on wire, 1514 bytes captured) Arrival Time: Nov 1, 2008 16:29:53.592205000 [Time delta from previous captured frame: 0.000096000 seconds] [Time delta from previous displayed frame: 0.000096000 seconds] [Time since reference or first frame: 6.195243000 seconds] Frame Number: 328 Frame Length: 1514 bytes Capture Length: 1514 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Intel_d6:44:84 (00:18:de:d6:44:84), Dst: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Destination: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 172.28.186.27 (172.28.186.27), Dst: 208.117.224.240 (208.117.224.240) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 1500 Identification: 0x580b (22539) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (0x06) Header checksum: 0x8572 [correct] [Good: True] [Bad : False] Source: 172.28.186.27 (172.28.186.27) Destination: 208.117.224.240 (208.117.224.240) Transmission Control Protocol, Src Port: aspen-services (1749), Dst Port: http (80), Seq: 537, Ack: 1, Len: 1460 Source port: aspen-services (1749) Destination port: http (80) Sequence number: 537 (relative sequence number) [Next sequence number: 1997 (relative sequence number)] Acknowledgement number: 1 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 183960 (scaled) Checksum: 0x6f71 [correct] [Good Checksum: True] [Bad Checksum: False] [Reassembled PDU in frame: 331] TCP segment data (1460 bytes) No. Time Source Destination Protocol Info 329 6.195287 172.28.186.27 208.117.224.240 TCP [TCP segment of a reassembled PDU] Frame 329 (202 bytes on wire, 202 bytes captured) Arrival Time: Nov 1, 2008 16:29:53.592249000 [Time delta from previous captured frame: 0.000044000 seconds] [Time delta from previous displayed frame: 0.000044000 seconds] [Time since reference or first frame: 6.195287000 seconds] Frame Number: 329 Frame Length: 202 bytes Capture Length: 202 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Intel_d6:44:84 (00:18:de:d6:44:84), Dst: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Destination: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 172.28.186.27 (172.28.186.27), Dst: 208.117.224.240 (208.117.224.240) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 188 Identification: 0x580c (22540) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (0x06) Header checksum: 0x8a91 [correct] [Good: True] [Bad : False] Source: 172.28.186.27 (172.28.186.27) Destination: 208.117.224.240 (208.117.224.240) Transmission Control Protocol, Src Port: aspen-services (1749), Dst Port: http (80), Seq: 1997, Ack: 1, Len: 148 Source port: aspen-services (1749) Destination port: http (80) Sequence number: 1997 (relative sequence number) [Next sequence number: 2145 (relative sequence number)] Acknowledgement number: 1 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 183960 (scaled) Checksum: 0xdcfd [correct] [Good Checksum: True] [Bad Checksum: False] [Reassembled PDU in frame: 331] TCP segment data (148 bytes) No. Time Source Destination Protocol Info 330 6.200517 208.117.224.240 172.28.186.27 TCP http > aspen-services [ACK] Seq=1 Ack=537 Win=16984 Len=0 Frame 330 (60 bytes on wire, 60 bytes captured) Arrival Time: Nov 1, 2008 16:29:53.597479000 [Time delta from previous captured frame: 0.005230000 seconds] [Time delta from previous displayed frame: 0.005230000 seconds] [Time since reference or first frame: 6.200517000 seconds] Frame Number: 330 Frame Length: 60 bytes Capture Length: 60 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Intel_a6:a7:cb (00:02:b3:a6:a7:cb), Dst: Intel_d6:44:84 (00:18:de:d6:44:84) Destination: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src: 208.117.224.240 (208.117.224.240), Dst: 172.28.186.27 (172.28.186.27) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x6a09 (27145) Flags: 0x00 0... = Reserved bit: Not set .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 60 Protocol: TCP (0x06) Header checksum: 0xfd28 [correct] [Good: True] [Bad : False] Source: 208.117.224.240 (208.117.224.240) Destination: 172.28.186.27 (172.28.186.27) Transmission Control Protocol, Src Port: http (80), Dst Port: aspen-services (1749), Seq: 1, Ack: 537, Len: 0 Source port: http (80) Destination port: aspen-services (1749) Sequence number: 1 (relative sequence number) Acknowledgement number: 537 (relative ack number) Header length: 20 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 16984 Checksum: 0x1cbe [correct] [Good Checksum: True] [Bad Checksum: False] No. Time Source Destination Protocol Info 331 6.200600 172.28.186.27 208.117.224.240 HTTP GET /get_video?video_id=oEkJvvGEtB4&ip=137.132.3.6&signature=30B66A5DAF7FC04665ED684B58996B476C92E53C.64C9562F2B4301B5ACE4E3DFC82CF1156A6811F3&sver=2&expire=1223897366&key=yt4&ipbits=2 HTTP/1.1 Frame 331 (998 bytes on wire, 998 bytes captured) Arrival Time: Nov 1, 2008 16:29:53.597562000 [Time delta from previous captured frame: 0.000083000 seconds] [Time delta from previous displayed frame: 0.000083000 seconds] [Time since reference or first frame: 6.200600000 seconds] Frame Number: 331 Frame Length: 998 bytes Capture Length: 998 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp:http] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Intel_d6:44:84 (00:18:de:d6:44:84), Dst: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Destination: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 172.28.186.27 (172.28.186.27), Dst: 208.117.224.240 (208.117.224.240) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 984 Identification: 0x580d (22541) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (0x06) Header checksum: 0x8774 [correct] [Good: True] [Bad : False] Source: 172.28.186.27 (172.28.186.27) Destination: 208.117.224.240 (208.117.224.240) Transmission Control Protocol, Src Port: aspen-services (1749), Dst Port: http (80), Seq: 2145, Ack: 1, Len: 944 Source port: aspen-services (1749) Destination port: http (80) Sequence number: 2145 (relative sequence number) [Next sequence number: 3089 (relative sequence number)] Acknowledgement number: 1 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 183960 (scaled) Checksum: 0x3ae2 [correct] [Good Checksum: True] [Bad Checksum: False] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 330] [The RTT to ACK the segment was: 0.000083000 seconds] TCP segment data (944 bytes) [Reassembled TCP Segments (3088 bytes): #327(536), #328(1460), #329(148), #331(944)] [Frame: 327, payload: 0-535 (536 bytes)] [Frame: 328, payload: 536-1995 (1460 bytes)] [Frame: 329, payload: 1996-2143 (148 bytes)] [Frame: 331, payload: 2144-3087 (944 bytes)] Hypertext Transfer Protocol GET /get_video?video_id=oEkJvvGEtB4&ip=137.132.3.6&signature=30B66A5DAF7FC04665ED684B58996B476C92E53C.64C9562F2B4301B5ACE4E3DFC82CF1156A6811F3&sver=2&expire=1223897366&key=yt4&ipbits=2 HTTP/1.1\r\n Request Method: GET Request URI: /get_video?video_id=oEkJvvGEtB4&ip=137.132.3.6&signature=30B66A5DAF7FC04665ED684B58996B476C92E53C.64C9562F2B4301B5ACE4E3DFC82CF1156A6811F3&sver=2&expire=1223897366&key=yt4&ipbits=2 Request Version: HTTP/1.1 Accept-Encoding: gzip, deflate\r\n Host: dal-v113.dal.youtube.com\r\n User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.3) Gecko/2008092417 Firefox/3.0.3\r\n Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n Accept-Language: en-us,en;q=0.5\r\n ---------------: ------------\r\n Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7\r\n Keep-Alive: 300\r\n Connection: keep-alive\r\n [truncated] Cookie: VISITOR_INFO1_LIVE=WogB8lj5IL0; dkv=63c3a6f2430886135251ece40933e071e3QJAAAAYWdlX3JhbmdlaQQAAAB0BgAAAGdlbmRlcnQBAAAAbXQDAAAAYWdlaRoAAAB0AgAAAGtscwcAAABTX0VfR19IdAQAAABjYW52VHQHAAAAdmVyc2lvbmkHAAAAdAwAAABlbmNyeXB0ZWRfaWR \r\n No. Time Source Destination Protocol Info 332 6.204395 208.117.224.240 172.28.186.27 TCP http > aspen-services [ACK] Seq=1 Ack=2145 Win=15376 Len=0 Frame 332 (60 bytes on wire, 60 bytes captured) Arrival Time: Nov 1, 2008 16:29:53.601357000 [Time delta from previous captured frame: 0.003795000 seconds] [Time delta from previous displayed frame: 0.003795000 seconds] [Time since reference or first frame: 6.204395000 seconds] Frame Number: 332 Frame Length: 60 bytes Capture Length: 60 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Intel_a6:a7:cb (00:02:b3:a6:a7:cb), Dst: Intel_d6:44:84 (00:18:de:d6:44:84) Destination: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src: 208.117.224.240 (208.117.224.240), Dst: 172.28.186.27 (172.28.186.27) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x6c09 (27657) Flags: 0x00 0... = Reserved bit: Not set .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 60 Protocol: TCP (0x06) Header checksum: 0xfb28 [correct] [Good: True] [Bad : False] Source: 208.117.224.240 (208.117.224.240) Destination: 172.28.186.27 (172.28.186.27) Transmission Control Protocol, Src Port: http (80), Dst Port: aspen-services (1749), Seq: 1, Ack: 2145, Len: 0 Source port: http (80) Destination port: aspen-services (1749) Sequence number: 1 (relative sequence number) Acknowledgement number: 2145 (relative ack number) Header length: 20 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 15376 Checksum: 0x1cbe [correct] [Good Checksum: True] [Bad Checksum: False] No. Time Source Destination Protocol Info 333 6.206410 208.117.224.240 172.28.186.27 TCP http > aspen-services [ACK] Seq=1 Ack=3089 Win=15440 Len=0 Frame 333 (60 bytes on wire, 60 bytes captured) Arrival Time: Nov 1, 2008 16:29:53.603372000 [Time delta from previous captured frame: 0.002015000 seconds] [Time delta from previous displayed frame: 0.002015000 seconds] [Time since reference or first frame: 6.206410000 seconds] Frame Number: 333 Frame Length: 60 bytes Capture Length: 60 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Intel_a6:a7:cb (00:02:b3:a6:a7:cb), Dst: Intel_d6:44:84 (00:18:de:d6:44:84) Destination: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src: 208.117.224.240 (208.117.224.240), Dst: 172.28.186.27 (172.28.186.27) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x6d09 (27913) Flags: 0x00 0... = Reserved bit: Not set .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 60 Protocol: TCP (0x06) Header checksum: 0xfa28 [correct] [Good: True] [Bad : False] Source: 208.117.224.240 (208.117.224.240) Destination: 172.28.186.27 (172.28.186.27) Transmission Control Protocol, Src Port: http (80), Dst Port: aspen-services (1749), Seq: 1, Ack: 3089, Len: 0 Source port: http (80) Destination port: aspen-services (1749) Sequence number: 1 (relative sequence number) Acknowledgement number: 3089 (relative ack number) Header length: 20 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 15440 Checksum: 0x18ce [correct] [Good Checksum: True] [Bad Checksum: False] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 331] [The RTT to ACK the segment was: 0.005810000 seconds] No. Time Source Destination Protocol Info 345 7.258958 208.117.224.240 172.28.186.27 TCP [TCP segment of a reassembled PDU] Frame 345 (363 bytes on wire, 363 bytes captured) Arrival Time: Nov 1, 2008 16:29:54.655920000 [Time delta from previous captured frame: 0.812779000 seconds] [Time delta from previous displayed frame: 1.052548000 seconds] [Time since reference or first frame: 7.258958000 seconds] Frame Number: 345 Frame Length: 363 bytes Capture Length: 363 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp:http] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Intel_a6:a7:cb (00:02:b3:a6:a7:cb), Dst: Intel_d6:44:84 (00:18:de:d6:44:84) Destination: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 208.117.224.240 (208.117.224.240), Dst: 172.28.186.27 (172.28.186.27) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 349 Identification: 0x7609 (30217) Flags: 0x00 0... = Reserved bit: Not set .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 60 Protocol: TCP (0x06) Header checksum: 0xeff3 [correct] [Good: True] [Bad : False] Source: 208.117.224.240 (208.117.224.240) Destination: 172.28.186.27 (172.28.186.27) Transmission Control Protocol, Src Port: http (80), Dst Port: aspen-services (1749), Seq: 1, Ack: 3089, Len: 309 Source port: http (80) Destination port: aspen-services (1749) Sequence number: 1 (relative sequence number) [Next sequence number: 310 (relative sequence number)] Acknowledgement number: 3089 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 16384 Checksum: 0xaea2 [correct] [Good Checksum: True] [Bad Checksum: False] TCP segment data (309 bytes) No. Time Source Destination Protocol Info 346 7.260177 208.117.224.240 172.28.186.27 TCP [TCP segment of a reassembled PDU] Frame 346 (1514 bytes on wire, 1514 bytes captured) Arrival Time: Nov 1, 2008 16:29:54.657139000 [Time delta from previous captured frame: 0.001219000 seconds] [Time delta from previous displayed frame: 0.001219000 seconds] [Time since reference or first frame: 7.260177000 seconds] Frame Number: 346 Frame Length: 1514 bytes Capture Length: 1514 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Intel_a6:a7:cb (00:02:b3:a6:a7:cb), Dst: Intel_d6:44:84 (00:18:de:d6:44:84) Destination: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 208.117.224.240 (208.117.224.240), Dst: 172.28.186.27 (172.28.186.27) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 1500 Identification: 0x7709 (30473) Flags: 0x00 0... = Reserved bit: Not set .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 60 Protocol: TCP (0x06) Header checksum: 0xea74 [correct] [Good: True] [Bad : False] Source: 208.117.224.240 (208.117.224.240) Destination: 172.28.186.27 (172.28.186.27) Transmission Control Protocol, Src Port: http (80), Dst Port: aspen-services (1749), Seq: 310, Ack: 3089, Len: 1460 Source port: http (80) Destination port: aspen-services (1749) Sequence number: 310 (relative sequence number) [Next sequence number: 1770 (relative sequence number)] Acknowledgement number: 3089 (relative ack number) Header length: 20 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 16384 Checksum: 0xf7b7 [correct] [Good Checksum: True] [Bad Checksum: False] TCP segment data (1460 bytes) No. Time Source Destination Protocol Info 347 7.260251 172.28.186.27 208.117.224.240 TCP aspen-services > http [ACK] Seq=3089 Ack=1770 Win=183960 Len=0 Frame 347 (54 bytes on wire, 54 bytes captured) Arrival Time: Nov 1, 2008 16:29:54.657213000 [Time delta from previous captured frame: 0.000074000 seconds] [Time delta from previous displayed frame: 0.000074000 seconds] [Time since reference or first frame: 7.260251000 seconds] Frame Number: 347 Frame Length: 54 bytes Capture Length: 54 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Intel_d6:44:84 (00:18:de:d6:44:84), Dst: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Destination: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 172.28.186.27 (172.28.186.27), Dst: 208.117.224.240 (208.117.224.240) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x5825 (22565) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (0x06) Header checksum: 0x8b0c [correct] [Good: True] [Bad : False] Source: 172.28.186.27 (172.28.186.27) Destination: 208.117.224.240 (208.117.224.240) Transmission Control Protocol, Src Port: aspen-services (1749), Dst Port: http (80), Seq: 3089, Ack: 1770, Len: 0 Source port: aspen-services (1749) Destination port: http (80) Sequence number: 3089 (relative sequence number) Acknowledgement number: 1770 (relative ack number) Header length: 20 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 183960 (scaled) Checksum: 0x9a8e [correct] [Good Checksum: True] [Bad Checksum: False] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 346] [The RTT to ACK the segment was: 0.000074000 seconds] No. Time Source Destination Protocol Info 348 7.263849 208.117.224.240 172.28.186.27 TCP [TCP segment of a reassembled PDU] Frame 348 (1203 bytes on wire, 1203 bytes captured) Arrival Time: Nov 1, 2008 16:29:54.660811000 [Time delta from previous captured frame: 0.003598000 seconds] [Time delta from previous displayed frame: 0.003598000 seconds] [Time since reference or first frame: 7.263849000 seconds] Frame Number: 348 Frame Length: 1203 bytes Capture Length: 1203 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Intel_a6:a7:cb (00:02:b3:a6:a7:cb), Dst: Intel_d6:44:84 (00:18:de:d6:44:84) Destination: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 208.117.224.240 (208.117.224.240), Dst: 172.28.186.27 (172.28.186.27) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 1189 Identification: 0x7809 (30729) Flags: 0x00 0... = Reserved bit: Not set .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 60 Protocol: TCP (0x06) Header checksum: 0xeaab [correct] [Good: True] [Bad : False] Source: 208.117.224.240 (208.117.224.240) Destination: 172.28.186.27 (172.28.186.27) Transmission Control Protocol, Src Port: http (80), Dst Port: aspen-services (1749), Seq: 1770, Ack: 3089, Len: 1149 Source port: http (80) Destination port: aspen-services (1749) Sequence number: 1770 (relative sequence number) [Next sequence number: 2919 (relative sequence number)] Acknowledgement number: 3089 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 16384 Checksum: 0x5e0a [correct] [Good Checksum: True] [Bad Checksum: False] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 347] [The RTT to ACK the segment was: 0.003598000 seconds] TCP segment data (1149 bytes) No. Time Source Destination Protocol Info 353 7.420461 172.28.186.27 208.117.224.240 TCP aspen-services > http [ACK] Seq=3089 Ack=2919 Win=182808 Len=0 Frame 353 (54 bytes on wire, 54 bytes captured) Arrival Time: Nov 1, 2008 16:29:54.817423000 [Time delta from previous captured frame: 0.060189000 seconds] [Time delta from previous displayed frame: 0.156612000 seconds] [Time since reference or first frame: 7.420461000 seconds] Frame Number: 353 Frame Length: 54 bytes Capture Length: 54 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Intel_d6:44:84 (00:18:de:d6:44:84), Dst: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Destination: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 172.28.186.27 (172.28.186.27), Dst: 208.117.224.240 (208.117.224.240) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x5832 (22578) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (0x06) Header checksum: 0x8aff [correct] [Good: True] [Bad : False] Source: 172.28.186.27 (172.28.186.27) Destination: 208.117.224.240 (208.117.224.240) Transmission Control Protocol, Src Port: aspen-services (1749), Dst Port: http (80), Seq: 3089, Ack: 2919, Len: 0 Source port: aspen-services (1749) Destination port: http (80) Sequence number: 3089 (relative sequence number) Acknowledgement number: 2919 (relative ack number) Header length: 20 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 182808 (scaled) Checksum: 0x9731 [correct] [Good Checksum: True] [Bad Checksum: False] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 348] [The RTT to ACK the segment was: 0.156612000 seconds] No. Time Source Destination Protocol Info 354 7.494605 208.117.224.240 172.28.186.27 TCP [TCP segment of a reassembled PDU] Frame 354 (1502 bytes on wire, 1502 bytes captured) Arrival Time: Nov 1, 2008 16:29:54.891567000 [Time delta from previous captured frame: 0.074144000 seconds] [Time delta from previous displayed frame: 0.074144000 seconds] [Time since reference or first frame: 7.494605000 seconds] Frame Number: 354 Frame Length: 1502 bytes Capture Length: 1502 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Intel_a6:a7:cb (00:02:b3:a6:a7:cb), Dst: Intel_d6:44:84 (00:18:de:d6:44:84) Destination: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 208.117.224.240 (208.117.224.240), Dst: 172.28.186.27 (172.28.186.27) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 1488 Identification: 0x7b09 (31497) Flags: 0x00 0... = Reserved bit: Not set .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 60 Protocol: TCP (0x06) Header checksum: 0xe680 [correct] [Good: True] [Bad : False] Source: 208.117.224.240 (208.117.224.240) Destination: 172.28.186.27 (172.28.186.27) Transmission Control Protocol, Src Port: http (80), Dst Port: aspen-services (1749), Seq: 2919, Ack: 3089, Len: 1448 Source port: http (80) Destination port: aspen-services (1749) Sequence number: 2919 (relative sequence number) [Next sequence number: 4367 (relative sequence number)] Acknowledgement number: 3089 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 16384 Checksum: 0x4d9b [correct] [Good Checksum: True] [Bad Checksum: False] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 353] [The RTT to ACK the segment was: 0.074144000 seconds] TCP segment data (1448 bytes) No. Time Source Destination Protocol Info 355 7.498363 208.117.224.240 172.28.186.27 TCP [TCP segment of a reassembled PDU] Frame 355 (1514 bytes on wire, 1514 bytes captured) Arrival Time: Nov 1, 2008 16:29:54.895325000 [Time delta from previous captured frame: 0.003758000 seconds] [Time delta from previous displayed frame: 0.003758000 seconds] [Time since reference or first frame: 7.498363000 seconds] Frame Number: 355 Frame Length: 1514 bytes Capture Length: 1514 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Intel_a6:a7:cb (00:02:b3:a6:a7:cb), Dst: Intel_d6:44:84 (00:18:de:d6:44:84) Destination: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 208.117.224.240 (208.117.224.240), Dst: 172.28.186.27 (172.28.186.27) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 1500 Identification: 0x7c09 (31753) Flags: 0x00 0... = Reserved bit: Not set .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 60 Protocol: TCP (0x06) Header checksum: 0xe574 [correct] [Good: True] [Bad : False] Source: 208.117.224.240 (208.117.224.240) Destination: 172.28.186.27 (172.28.186.27) Transmission Control Protocol, Src Port: http (80), Dst Port: aspen-services (1749), Seq: 4367, Ack: 3089, Len: 1460 Source port: http (80) Destination port: aspen-services (1749) Sequence number: 4367 (relative sequence number) [Next sequence number: 5827 (relative sequence number)] Acknowledgement number: 3089 (relative ack number) Header length: 20 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 16384 Checksum: 0xf9dc [correct] [Good Checksum: True] [Bad Checksum: False] TCP segment data (1460 bytes) No. Time Source Destination Protocol Info 356 7.498434 172.28.186.27 208.117.224.240 TCP aspen-services > http [ACK] Seq=3089 Ack=5827 Win=183960 Len=0 Frame 356 (54 bytes on wire, 54 bytes captured) Arrival Time: Nov 1, 2008 16:29:54.895396000 [Time delta from previous captured frame: 0.000071000 seconds] [Time delta from previous displayed frame: 0.000071000 seconds] [Time since reference or first frame: 7.498434000 seconds] Frame Number: 356 Frame Length: 54 bytes Capture Length: 54 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Intel_d6:44:84 (00:18:de:d6:44:84), Dst: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Destination: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 172.28.186.27 (172.28.186.27), Dst: 208.117.224.240 (208.117.224.240) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x5836 (22582) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (0x06) Header checksum: 0x8afb [correct] [Good: True] [Bad : False] Source: 172.28.186.27 (172.28.186.27) Destination: 208.117.224.240 (208.117.224.240) Transmission Control Protocol, Src Port: aspen-services (1749), Dst Port: http (80), Seq: 3089, Ack: 5827, Len: 0 Source port: aspen-services (1749) Destination port: http (80) Sequence number: 3089 (relative sequence number) Acknowledgement number: 5827 (relative ack number) Header length: 20 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 183960 (scaled) Checksum: 0x8ab5 [correct] [Good Checksum: True] [Bad Checksum: False] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 355] [The RTT to ACK the segment was: 0.000071000 seconds] No. Time Source Destination Protocol Info 357 7.503329 208.117.224.240 172.28.186.27 TCP [TCP segment of a reassembled PDU] Frame 357 (1490 bytes on wire, 1490 bytes captured) Arrival Time: Nov 1, 2008 16:29:54.900291000 [Time delta from previous captured frame: 0.004895000 seconds] [Time delta from previous displayed frame: 0.004895000 seconds] [Time since reference or first frame: 7.503329000 seconds] Frame Number: 357 Frame Length: 1490 bytes Capture Length: 1490 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Intel_a6:a7:cb (00:02:b3:a6:a7:cb), Dst: Intel_d6:44:84 (00:18:de:d6:44:84) Destination: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 208.117.224.240 (208.117.224.240), Dst: 172.28.186.27 (172.28.186.27) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 1476 Identification: 0x7d09 (32009) Flags: 0x00 0... = Reserved bit: Not set .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 60 Protocol: TCP (0x06) Header checksum: 0xe48c [correct] [Good: True] [Bad : False] Source: 208.117.224.240 (208.117.224.240) Destination: 172.28.186.27 (172.28.186.27) Transmission Control Protocol, Src Port: http (80), Dst Port: aspen-services (1749), Seq: 5827, Ack: 3089, Len: 1436 Source port: http (80) Destination port: aspen-services (1749) Sequence number: 5827 (relative sequence number) [Next sequence number: 7263 (relative sequence number)] Acknowledgement number: 3089 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 16384 Checksum: 0xa3ba [correct] [Good Checksum: True] [Bad Checksum: False] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 356] [The RTT to ACK the segment was: 0.004895000 seconds] TCP segment data (1436 bytes) No. Time Source Destination Protocol Info 358 7.621638 172.28.186.27 208.117.224.240 TCP aspen-services > http [ACK] Seq=3089 Ack=7263 Win=182524 Len=0 Frame 358 (54 bytes on wire, 54 bytes captured) Arrival Time: Nov 1, 2008 16:29:55.018600000 [Time delta from previous captured frame: 0.118309000 seconds] [Time delta from previous displayed frame: 0.118309000 seconds] [Time since reference or first frame: 7.621638000 seconds] Frame Number: 358 Frame Length: 54 bytes Capture Length: 54 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Intel_d6:44:84 (00:18:de:d6:44:84), Dst: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Destination: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 172.28.186.27 (172.28.186.27), Dst: 208.117.224.240 (208.117.224.240) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x583b (22587) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (0x06) Header checksum: 0x8af6 [correct] [Good: True] [Bad : False] Source: 172.28.186.27 (172.28.186.27) Destination: 208.117.224.240 (208.117.224.240) Transmission Control Protocol, Src Port: aspen-services (1749), Dst Port: http (80), Seq: 3089, Ack: 7263, Len: 0 Source port: aspen-services (1749) Destination port: http (80) Sequence number: 3089 (relative sequence number) Acknowledgement number: 7263 (relative ack number) Header length: 20 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 182524 (scaled) Checksum: 0x8680 [correct] [Good Checksum: True] [Bad Checksum: False] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 357] [The RTT to ACK the segment was: 0.118309000 seconds] No. Time Source Destination Protocol Info 359 7.729205 208.117.224.240 172.28.186.27 TCP [TCP segment of a reassembled PDU] Frame 359 (1502 bytes on wire, 1502 bytes captured) Arrival Time: Nov 1, 2008 16:29:55.126167000 [Time delta from previous captured frame: 0.107567000 seconds] [Time delta from previous displayed frame: 0.107567000 seconds] [Time since reference or first frame: 7.729205000 seconds] Frame Number: 359 Frame Length: 1502 bytes Capture Length: 1502 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Intel_a6:a7:cb (00:02:b3:a6:a7:cb), Dst: Intel_d6:44:84 (00:18:de:d6:44:84) Destination: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 208.117.224.240 (208.117.224.240), Dst: 172.28.186.27 (172.28.186.27) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 1488 Identification: 0x8a09 (35337) Flags: 0x00 0... = Reserved bit: Not set .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 60 Protocol: TCP (0x06) Header checksum: 0xd780 [correct] [Good: True] [Bad : False] Source: 208.117.224.240 (208.117.224.240) Destination: 172.28.186.27 (172.28.186.27) Transmission Control Protocol, Src Port: http (80), Dst Port: aspen-services (1749), Seq: 7263, Ack: 3089, Len: 1448 Source port: http (80) Destination port: aspen-services (1749) Sequence number: 7263 (relative sequence number) [Next sequence number: 8711 (relative sequence number)] Acknowledgement number: 3089 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 16384 Checksum: 0x62f8 [correct] [Good Checksum: True] [Bad Checksum: False] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 358] [The RTT to ACK the segment was: 0.107567000 seconds] TCP segment data (1448 bytes) No. Time Source Destination Protocol Info 360 7.733126 208.117.224.240 172.28.186.27 TCP [TCP segment of a reassembled PDU] Frame 360 (1514 bytes on wire, 1514 bytes captured) Arrival Time: Nov 1, 2008 16:29:55.130088000 [Time delta from previous captured frame: 0.003921000 seconds] [Time delta from previous displayed frame: 0.003921000 seconds] [Time since reference or first frame: 7.733126000 seconds] Frame Number: 360 Frame Length: 1514 bytes Capture Length: 1514 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Intel_a6:a7:cb (00:02:b3:a6:a7:cb), Dst: Intel_d6:44:84 (00:18:de:d6:44:84) Destination: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 208.117.224.240 (208.117.224.240), Dst: 172.28.186.27 (172.28.186.27) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 1500 Identification: 0x8b09 (35593) Flags: 0x00 0... = Reserved bit: Not set .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 60 Protocol: TCP (0x06) Header checksum: 0xd674 [correct] [Good: True] [Bad : False] Source: 208.117.224.240 (208.117.224.240) Destination: 172.28.186.27 (172.28.186.27) Transmission Control Protocol, Src Port: http (80), Dst Port: aspen-services (1749), Seq: 8711, Ack: 3089, Len: 1460 Source port: http (80) Destination port: aspen-services (1749) Sequence number: 8711 (relative sequence number) [Next sequence number: 10171 (relative sequence number)] Acknowledgement number: 3089 (relative ack number) Header length: 20 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 16384 Checksum: 0xe44e [correct] [Good Checksum: True] [Bad Checksum: False] TCP segment data (1460 bytes) No. Time Source Destination Protocol Info 361 7.733242 172.28.186.27 208.117.224.240 TCP aspen-services > http [ACK] Seq=3089 Ack=10171 Win=183960 Len=0 Frame 361 (54 bytes on wire, 54 bytes captured) Arrival Time: Nov 1, 2008 16:29:55.130204000 [Time delta from previous captured frame: 0.000116000 seconds] [Time delta from previous displayed frame: 0.000116000 seconds] [Time since reference or first frame: 7.733242000 seconds] Frame Number: 361 Frame Length: 54 bytes Capture Length: 54 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Intel_d6:44:84 (00:18:de:d6:44:84), Dst: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Destination: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 172.28.186.27 (172.28.186.27), Dst: 208.117.224.240 (208.117.224.240) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x585f (22623) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (0x06) Header checksum: 0x8ad2 [correct] [Good: True] [Bad : False] Source: 172.28.186.27 (172.28.186.27) Destination: 208.117.224.240 (208.117.224.240) Transmission Control Protocol, Src Port: aspen-services (1749), Dst Port: http (80), Seq: 3089, Ack: 10171, Len: 0 Source port: aspen-services (1749) Destination port: http (80) Sequence number: 3089 (relative sequence number) Acknowledgement number: 10171 (relative ack number) Header length: 20 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 183960 (scaled) Checksum: 0x79bd [correct] [Good Checksum: True] [Bad Checksum: False] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 360] [The RTT to ACK the segment was: 0.000116000 seconds] No. Time Source Destination Protocol Info 362 7.737012 208.117.224.240 172.28.186.27 TCP [TCP segment of a reassembled PDU] Frame 362 (1490 bytes on wire, 1490 bytes captured) Arrival Time: Nov 1, 2008 16:29:55.133974000 [Time delta from previous captured frame: 0.003770000 seconds] [Time delta from previous displayed frame: 0.003770000 seconds] [Time since reference or first frame: 7.737012000 seconds] Frame Number: 362 Frame Length: 1490 bytes Capture Length: 1490 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Intel_a6:a7:cb (00:02:b3:a6:a7:cb), Dst: Intel_d6:44:84 (00:18:de:d6:44:84) Destination: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 208.117.224.240 (208.117.224.240), Dst: 172.28.186.27 (172.28.186.27) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 1476 Identification: 0x8c09 (35849) Flags: 0x00 0... = Reserved bit: Not set .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 60 Protocol: TCP (0x06) Header checksum: 0xd58c [correct] [Good: True] [Bad : False] Source: 208.117.224.240 (208.117.224.240) Destination: 172.28.186.27 (172.28.186.27) Transmission Control Protocol, Src Port: http (80), Dst Port: aspen-services (1749), Seq: 10171, Ack: 3089, Len: 1436 Source port: http (80) Destination port: aspen-services (1749) Sequence number: 10171 (relative sequence number) [Next sequence number: 11607 (relative sequence number)] Acknowledgement number: 3089 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 16384 Checksum: 0x30fe [correct] [Good Checksum: True] [Bad Checksum: False] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 361] [The RTT to ACK the segment was: 0.003770000 seconds] TCP segment data (1436 bytes) No. Time Source Destination Protocol Info 363 7.850663 208.117.224.240 172.28.186.27 TCP [TCP segment of a reassembled PDU] Frame 363 (1514 bytes on wire, 1514 bytes captured) Arrival Time: Nov 1, 2008 16:29:55.247625000 [Time delta from previous captured frame: 0.113651000 seconds] [Time delta from previous displayed frame: 0.113651000 seconds] [Time since reference or first frame: 7.850663000 seconds] Frame Number: 363 Frame Length: 1514 bytes Capture Length: 1514 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Intel_a6:a7:cb (00:02:b3:a6:a7:cb), Dst: Intel_d6:44:84 (00:18:de:d6:44:84) Destination: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 208.117.224.240 (208.117.224.240), Dst: 172.28.186.27 (172.28.186.27) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 1500 Identification: 0x9309 (37641) Flags: 0x00 0... = Reserved bit: Not set .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 60 Protocol: TCP (0x06) Header checksum: 0xce74 [correct] [Good: True] [Bad : False] Source: 208.117.224.240 (208.117.224.240) Destination: 172.28.186.27 (172.28.186.27) Transmission Control Protocol, Src Port: http (80), Dst Port: aspen-services (1749), Seq: 11607, Ack: 3089, Len: 1460 Source port: http (80) Destination port: aspen-services (1749) Sequence number: 11607 (relative sequence number) [Next sequence number: 13067 (relative sequence number)] Acknowledgement number: 3089 (relative ack number) Header length: 20 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 16384 Checksum: 0xb95f [correct] [Good Checksum: True] [Bad Checksum: False] TCP segment data (1460 bytes) No. Time Source Destination Protocol Info 364 7.850774 172.28.186.27 208.117.224.240 TCP aspen-services > http [ACK] Seq=3089 Ack=13067 Win=183960 Len=0 Frame 364 (54 bytes on wire, 54 bytes captured) Arrival Time: Nov 1, 2008 16:29:55.247736000 [Time delta from previous captured frame: 0.000111000 seconds] [Time delta from previous displayed frame: 0.000111000 seconds] [Time since reference or first frame: 7.850774000 seconds] Frame Number: 364 Frame Length: 54 bytes Capture Length: 54 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Intel_d6:44:84 (00:18:de:d6:44:84), Dst: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Destination: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 172.28.186.27 (172.28.186.27), Dst: 208.117.224.240 (208.117.224.240) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x5864 (22628) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (0x06) Header checksum: 0x8acd [correct] [Good: True] [Bad : False] Source: 172.28.186.27 (172.28.186.27) Destination: 208.117.224.240 (208.117.224.240) Transmission Control Protocol, Src Port: aspen-services (1749), Dst Port: http (80), Seq: 3089, Ack: 13067, Len: 0 Source port: aspen-services (1749) Destination port: http (80) Sequence number: 3089 (relative sequence number) Acknowledgement number: 13067 (relative ack number) Header length: 20 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 183960 (scaled) Checksum: 0x6e6d [correct] [Good Checksum: True] [Bad Checksum: False] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 363] [The RTT to ACK the segment was: 0.000111000 seconds] No. Time Source Destination Protocol Info 365 7.865422 208.117.224.240 172.28.186.27 TCP [TCP segment of a reassembled PDU] Frame 365 (1490 bytes on wire, 1490 bytes captured) Arrival Time: Nov 1, 2008 16:29:55.262384000 [Time delta from previous captured frame: 0.014648000 seconds] [Time delta from previous displayed frame: 0.014648000 seconds] [Time since reference or first frame: 7.865422000 seconds] Frame Number: 365 Frame Length: 1490 bytes Capture Length: 1490 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Intel_a6:a7:cb (00:02:b3:a6:a7:cb), Dst: Intel_d6:44:84 (00:18:de:d6:44:84) Destination: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 208.117.224.240 (208.117.224.240), Dst: 172.28.186.27 (172.28.186.27) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 1476 Identification: 0x9409 (37897) Flags: 0x00 0... = Reserved bit: Not set .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 60 Protocol: TCP (0x06) Header checksum: 0xcd8c [correct] [Good: True] [Bad : False] Source: 208.117.224.240 (208.117.224.240) Destination: 172.28.186.27 (172.28.186.27) Transmission Control Protocol, Src Port: http (80), Dst Port: aspen-services (1749), Seq: 13067, Ack: 3089, Len: 1436 Source port: http (80) Destination port: aspen-services (1749) Sequence number: 13067 (relative sequence number) [Next sequence number: 14503 (relative sequence number)] Acknowledgement number: 3089 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 16384 Checksum: 0xc067 [correct] [Good Checksum: True] [Bad Checksum: False] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 364] [The RTT to ACK the segment was: 0.014648000 seconds] TCP segment data (1436 bytes) No. Time Source Destination Protocol Info 366 7.992745 208.117.224.240 172.28.186.27 TCP [TCP segment of a reassembled PDU] Frame 366 (1514 bytes on wire, 1514 bytes captured) Arrival Time: Nov 1, 2008 16:29:55.389707000 [Time delta from previous captured frame: 0.127323000 seconds] [Time delta from previous displayed frame: 0.127323000 seconds] [Time since reference or first frame: 7.992745000 seconds] Frame Number: 366 Frame Length: 1514 bytes Capture Length: 1514 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Intel_a6:a7:cb (00:02:b3:a6:a7:cb), Dst: Intel_d6:44:84 (00:18:de:d6:44:84) Destination: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 208.117.224.240 (208.117.224.240), Dst: 172.28.186.27 (172.28.186.27) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 1500 Identification: 0x9609 (38409) Flags: 0x00 0... = Reserved bit: Not set .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 60 Protocol: TCP (0x06) Header checksum: 0xcb74 [correct] [Good: True] [Bad : False] Source: 208.117.224.240 (208.117.224.240) Destination: 172.28.186.27 (172.28.186.27) Transmission Control Protocol, Src Port: http (80), Dst Port: aspen-services (1749), Seq: 14503, Ack: 3089, Len: 1460 Source port: http (80) Destination port: aspen-services (1749) Sequence number: 14503 (relative sequence number) [Next sequence number: 15963 (relative sequence number)] Acknowledgement number: 3089 (relative ack number) Header length: 20 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 16384 Checksum: 0x6bb9 [correct] [Good Checksum: True] [Bad Checksum: False] TCP segment data (1460 bytes) No. Time Source Destination Protocol Info 367 7.992843 172.28.186.27 208.117.224.240 TCP aspen-services > http [ACK] Seq=3089 Ack=15963 Win=183960 Len=0 Frame 367 (54 bytes on wire, 54 bytes captured) Arrival Time: Nov 1, 2008 16:29:55.389805000 [Time delta from previous captured frame: 0.000098000 seconds] [Time delta from previous displayed frame: 0.000098000 seconds] [Time since reference or first frame: 7.992843000 seconds] Frame Number: 367 Frame Length: 54 bytes Capture Length: 54 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Intel_d6:44:84 (00:18:de:d6:44:84), Dst: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Destination: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 172.28.186.27 (172.28.186.27), Dst: 208.117.224.240 (208.117.224.240) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x5869 (22633) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (0x06) Header checksum: 0x8ac8 [correct] [Good: True] [Bad : False] Source: 172.28.186.27 (172.28.186.27) Destination: 208.117.224.240 (208.117.224.240) Transmission Control Protocol, Src Port: aspen-services (1749), Dst Port: http (80), Seq: 3089, Ack: 15963, Len: 0 Source port: aspen-services (1749) Destination port: http (80) Sequence number: 3089 (relative sequence number) Acknowledgement number: 15963 (relative ack number) Header length: 20 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 183960 (scaled) Checksum: 0x631d [correct] [Good Checksum: True] [Bad Checksum: False] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 366] [The RTT to ACK the segment was: 0.000098000 seconds] No. Time Source Destination Protocol Info 368 7.994309 208.117.224.240 172.28.186.27 TCP [TCP segment of a reassembled PDU] Frame 368 (1514 bytes on wire, 1514 bytes captured) Arrival Time: Nov 1, 2008 16:29:55.391271000 [Time delta from previous captured frame: 0.001466000 seconds] [Time delta from previous displayed frame: 0.001466000 seconds] [Time since reference or first frame: 7.994309000 seconds] Frame Number: 368 Frame Length: 1514 bytes Capture Length: 1514 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Intel_a6:a7:cb (00:02:b3:a6:a7:cb), Dst: Intel_d6:44:84 (00:18:de:d6:44:84) Destination: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 208.117.224.240 (208.117.224.240), Dst: 172.28.186.27 (172.28.186.27) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 1500 Identification: 0x9709 (38665) Flags: 0x00 0... = Reserved bit: Not set .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 60 Protocol: TCP (0x06) Header checksum: 0xca74 [correct] [Good: True] [Bad : False] Source: 208.117.224.240 (208.117.224.240) Destination: 172.28.186.27 (172.28.186.27) Transmission Control Protocol, Src Port: http (80), Dst Port: aspen-services (1749), Seq: 15963, Ack: 3089, Len: 1460 Source port: http (80) Destination port: aspen-services (1749) Sequence number: 15963 (relative sequence number) [Next sequence number: 17423 (relative sequence number)] Acknowledgement number: 3089 (relative ack number) Header length: 20 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 16384 Checksum: 0x4608 [correct] [Good Checksum: True] [Bad Checksum: False] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 367] [The RTT to ACK the segment was: 0.001466000 seconds] TCP segment data (1460 bytes) No. Time Source Destination Protocol Info 369 7.997806 208.117.224.240 172.28.186.27 TCP [TCP segment of a reassembled PDU] Frame 369 (1514 bytes on wire, 1514 bytes captured) Arrival Time: Nov 1, 2008 16:29:55.394768000 [Time delta from previous captured frame: 0.003497000 seconds] [Time delta from previous displayed frame: 0.003497000 seconds] [Time since reference or first frame: 7.997806000 seconds] Frame Number: 369 Frame Length: 1514 bytes Capture Length: 1514 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Intel_a6:a7:cb (00:02:b3:a6:a7:cb), Dst: Intel_d6:44:84 (00:18:de:d6:44:84) Destination: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 208.117.224.240 (208.117.224.240), Dst: 172.28.186.27 (172.28.186.27) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 1500 Identification: 0x9809 (38921) Flags: 0x00 0... = Reserved bit: Not set .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 60 Protocol: TCP (0x06) Header checksum: 0xc974 [correct] [Good: True] [Bad : False] Source: 208.117.224.240 (208.117.224.240) Destination: 172.28.186.27 (172.28.186.27) Transmission Control Protocol, Src Port: http (80), Dst Port: aspen-services (1749), Seq: 17423, Ack: 3089, Len: 1460 Source port: http (80) Destination port: aspen-services (1749) Sequence number: 17423 (relative sequence number) [Next sequence number: 18883 (relative sequence number)] Acknowledgement number: 3089 (relative ack number) Header length: 20 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 16384 Checksum: 0xb963 [correct] [Good Checksum: True] [Bad Checksum: False] TCP segment data (1460 bytes) No. Time Source Destination Protocol Info 370 7.997894 172.28.186.27 208.117.224.240 TCP aspen-services > http [ACK] Seq=3089 Ack=18883 Win=183960 Len=0 Frame 370 (54 bytes on wire, 54 bytes captured) Arrival Time: Nov 1, 2008 16:29:55.394856000 [Time delta from previous captured frame: 0.000088000 seconds] [Time delta from previous displayed frame: 0.000088000 seconds] [Time since reference or first frame: 7.997894000 seconds] Frame Number: 370 Frame Length: 54 bytes Capture Length: 54 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Intel_d6:44:84 (00:18:de:d6:44:84), Dst: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Destination: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 172.28.186.27 (172.28.186.27), Dst: 208.117.224.240 (208.117.224.240) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x586e (22638) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (0x06) Header checksum: 0x8ac3 [correct] [Good: True] [Bad : False] Source: 172.28.186.27 (172.28.186.27) Destination: 208.117.224.240 (208.117.224.240) Transmission Control Protocol, Src Port: aspen-services (1749), Dst Port: http (80), Seq: 3089, Ack: 18883, Len: 0 Source port: aspen-services (1749) Destination port: http (80) Sequence number: 3089 (relative sequence number) Acknowledgement number: 18883 (relative ack number) Header length: 20 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 183960 (scaled) Checksum: 0x57b5 [correct] [Good Checksum: True] [Bad Checksum: False] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 369] [The RTT to ACK the segment was: 0.000088000 seconds] No. Time Source Destination Protocol Info 371 8.078051 208.117.224.240 172.28.186.27 TCP [TCP Previous segment lost] [TCP segment of a reassembled PDU] Frame 371 (1514 bytes on wire, 1514 bytes captured) Arrival Time: Nov 1, 2008 16:29:55.475013000 [Time delta from previous captured frame: 0.080157000 seconds] [Time delta from previous displayed frame: 0.080157000 seconds] [Time since reference or first frame: 8.078051000 seconds] Frame Number: 371 Frame Length: 1514 bytes Capture Length: 1514 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: Bad TCP] [Coloring Rule String: tcp.analysis.flags] Ethernet II, Src: Intel_a6:a7:cb (00:02:b3:a6:a7:cb), Dst: Intel_d6:44:84 (00:18:de:d6:44:84) Destination: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 208.117.224.240 (208.117.224.240), Dst: 172.28.186.27 (172.28.186.27) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 1500 Identification: 0x9c09 (39945) Flags: 0x00 0... = Reserved bit: Not set .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 60 Protocol: TCP (0x06) Header checksum: 0xc574 [correct] [Good: True] [Bad : False] Source: 208.117.224.240 (208.117.224.240) Destination: 172.28.186.27 (172.28.186.27) Transmission Control Protocol, Src Port: http (80), Dst Port: aspen-services (1749), Seq: 20343, Ack: 3089, Len: 1460 Source port: http (80) Destination port: aspen-services (1749) Sequence number: 20343 (relative sequence number) [Next sequence number: 21803 (relative sequence number)] Acknowledgement number: 3089 (relative ack number) Header length: 20 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 16384 Checksum: 0x2302 [correct] [Good Checksum: True] [Bad Checksum: False] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 370] [The RTT to ACK the segment was: 0.080157000 seconds] [TCP Analysis Flags] [A segment before this frame was lost] TCP segment data (1460 bytes) No. Time Source Destination Protocol Info 372 8.078136 172.28.186.27 208.117.224.240 TCP [TCP Dup ACK 370#1] aspen-services > http [ACK] Seq=3089 Ack=18883 Win=183960 Len=0 SLE=20343 SRE=21803 Frame 372 (66 bytes on wire, 66 bytes captured) Arrival Time: Nov 1, 2008 16:29:55.475098000 [Time delta from previous captured frame: 0.000085000 seconds] [Time delta from previous displayed frame: 0.000085000 seconds] [Time since reference or first frame: 8.078136000 seconds] Frame Number: 372 Frame Length: 66 bytes Capture Length: 66 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: Bad TCP] [Coloring Rule String: tcp.analysis.flags] Ethernet II, Src: Intel_d6:44:84 (00:18:de:d6:44:84), Dst: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Destination: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 172.28.186.27 (172.28.186.27), Dst: 208.117.224.240 (208.117.224.240) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 52 Identification: 0x5871 (22641) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (0x06) Header checksum: 0x8ab4 [correct] [Good: True] [Bad : False] Source: 172.28.186.27 (172.28.186.27) Destination: 208.117.224.240 (208.117.224.240) Transmission Control Protocol, Src Port: aspen-services (1749), Dst Port: http (80), Seq: 3089, Ack: 18883, Len: 0 Source port: aspen-services (1749) Destination port: http (80) Sequence number: 3089 (relative sequence number) Acknowledgement number: 18883 (relative ack number) Header length: 32 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 183960 (scaled) Checksum: 0xe129 [correct] [Good Checksum: True] [Bad Checksum: False] Options: (12 bytes) NOP NOP SACK: 20343-21803 left edge = 20343 (relative) right edge = 21803 (relative) [SEQ/ACK analysis] [TCP Analysis Flags] [This is a TCP duplicate ack] [Duplicate ACK #: 1] [Duplicate to the ACK in frame: 370] No. Time Source Destination Protocol Info 373 8.078485 208.117.224.240 172.28.186.27 TCP [TCP segment of a reassembled PDU] Frame 373 (1514 bytes on wire, 1514 bytes captured) Arrival Time: Nov 1, 2008 16:29:55.475447000 [Time delta from previous captured frame: 0.000349000 seconds] [Time delta from previous displayed frame: 0.000349000 seconds] [Time since reference or first frame: 8.078485000 seconds] Frame Number: 373 Frame Length: 1514 bytes Capture Length: 1514 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Intel_a6:a7:cb (00:02:b3:a6:a7:cb), Dst: Intel_d6:44:84 (00:18:de:d6:44:84) Destination: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 208.117.224.240 (208.117.224.240), Dst: 172.28.186.27 (172.28.186.27) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 1500 Identification: 0x9d09 (40201) Flags: 0x00 0... = Reserved bit: Not set .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 60 Protocol: TCP (0x06) Header checksum: 0xc474 [correct] [Good: True] [Bad : False] Source: 208.117.224.240 (208.117.224.240) Destination: 172.28.186.27 (172.28.186.27) Transmission Control Protocol, Src Port: http (80), Dst Port: aspen-services (1749), Seq: 21803, Ack: 3089, Len: 1460 Source port: http (80) Destination port: aspen-services (1749) Sequence number: 21803 (relative sequence number) [Next sequence number: 23263 (relative sequence number)] Acknowledgement number: 3089 (relative ack number) Header length: 20 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 16384 Checksum: 0x31c1 [correct] [Good Checksum: True] [Bad Checksum: False] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 372] [The RTT to ACK the segment was: 0.000349000 seconds] TCP segment data (1460 bytes) No. Time Source Destination Protocol Info 374 8.078530 172.28.186.27 208.117.224.240 TCP [TCP Dup ACK 370#2] aspen-services > http [ACK] Seq=3089 Ack=18883 Win=183960 Len=0 SLE=20343 SRE=23263 Frame 374 (66 bytes on wire, 66 bytes captured) Arrival Time: Nov 1, 2008 16:29:55.475492000 [Time delta from previous captured frame: 0.000045000 seconds] [Time delta from previous displayed frame: 0.000045000 seconds] [Time since reference or first frame: 8.078530000 seconds] Frame Number: 374 Frame Length: 66 bytes Capture Length: 66 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: Bad TCP] [Coloring Rule String: tcp.analysis.flags] Ethernet II, Src: Intel_d6:44:84 (00:18:de:d6:44:84), Dst: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Destination: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 172.28.186.27 (172.28.186.27), Dst: 208.117.224.240 (208.117.224.240) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 52 Identification: 0x5872 (22642) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (0x06) Header checksum: 0x8ab3 [correct] [Good: True] [Bad : False] Source: 172.28.186.27 (172.28.186.27) Destination: 208.117.224.240 (208.117.224.240) Transmission Control Protocol, Src Port: aspen-services (1749), Dst Port: http (80), Seq: 3089, Ack: 18883, Len: 0 Source port: aspen-services (1749) Destination port: http (80) Sequence number: 3089 (relative sequence number) Acknowledgement number: 18883 (relative ack number) Header length: 32 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 183960 (scaled) Checksum: 0xdb75 [correct] [Good Checksum: True] [Bad Checksum: False] Options: (12 bytes) NOP NOP SACK: 20343-23263 left edge = 20343 (relative) right edge = 23263 (relative) [SEQ/ACK analysis] [TCP Analysis Flags] [This is a TCP duplicate ack] [Duplicate ACK #: 2] [Duplicate to the ACK in frame: 370] No. Time Source Destination Protocol Info 375 8.178102 208.117.224.240 172.28.186.27 TCP [TCP segment of a reassembled PDU] Frame 375 (1514 bytes on wire, 1514 bytes captured) Arrival Time: Nov 1, 2008 16:29:55.575064000 [Time delta from previous captured frame: 0.099572000 seconds] [Time delta from previous displayed frame: 0.099572000 seconds] [Time since reference or first frame: 8.178102000 seconds] Frame Number: 375 Frame Length: 1514 bytes Capture Length: 1514 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Intel_a6:a7:cb (00:02:b3:a6:a7:cb), Dst: Intel_d6:44:84 (00:18:de:d6:44:84) Destination: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 208.117.224.240 (208.117.224.240), Dst: 172.28.186.27 (172.28.186.27) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 1500 Identification: 0x9f09 (40713) Flags: 0x00 0... = Reserved bit: Not set .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 60 Protocol: TCP (0x06) Header checksum: 0xc274 [correct] [Good: True] [Bad : False] Source: 208.117.224.240 (208.117.224.240) Destination: 172.28.186.27 (172.28.186.27) Transmission Control Protocol, Src Port: http (80), Dst Port: aspen-services (1749), Seq: 23263, Ack: 3089, Len: 1460 Source port: http (80) Destination port: aspen-services (1749) Sequence number: 23263 (relative sequence number) [Next sequence number: 24723 (relative sequence number)] Acknowledgement number: 3089 (relative ack number) Header length: 20 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 16384 Checksum: 0x3447 [correct] [Good Checksum: True] [Bad Checksum: False] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 374] [The RTT to ACK the segment was: 0.099572000 seconds] TCP segment data (1460 bytes) No. Time Source Destination Protocol Info 376 8.178203 172.28.186.27 208.117.224.240 TCP [TCP Dup ACK 370#3] aspen-services > http [ACK] Seq=3089 Ack=18883 Win=183960 Len=0 SLE=20343 SRE=24723 Frame 376 (66 bytes on wire, 66 bytes captured) Arrival Time: Nov 1, 2008 16:29:55.575165000 [Time delta from previous captured frame: 0.000101000 seconds] [Time delta from previous displayed frame: 0.000101000 seconds] [Time since reference or first frame: 8.178203000 seconds] Frame Number: 376 Frame Length: 66 bytes Capture Length: 66 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: Bad TCP] [Coloring Rule String: tcp.analysis.flags] Ethernet II, Src: Intel_d6:44:84 (00:18:de:d6:44:84), Dst: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Destination: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 172.28.186.27 (172.28.186.27), Dst: 208.117.224.240 (208.117.224.240) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 52 Identification: 0x5873 (22643) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (0x06) Header checksum: 0x8ab2 [correct] [Good: True] [Bad : False] Source: 172.28.186.27 (172.28.186.27) Destination: 208.117.224.240 (208.117.224.240) Transmission Control Protocol, Src Port: aspen-services (1749), Dst Port: http (80), Seq: 3089, Ack: 18883, Len: 0 Source port: aspen-services (1749) Destination port: http (80) Sequence number: 3089 (relative sequence number) Acknowledgement number: 18883 (relative ack number) Header length: 32 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 183960 (scaled) Checksum: 0xd5c1 [correct] [Good Checksum: True] [Bad Checksum: False] Options: (12 bytes) NOP NOP SACK: 20343-24723 left edge = 20343 (relative) right edge = 24723 (relative) [SEQ/ACK analysis] [TCP Analysis Flags] [This is a TCP duplicate ack] [Duplicate ACK #: 3] [Duplicate to the ACK in frame: 370] No. Time Source Destination Protocol Info 377 8.179468 208.117.224.240 172.28.186.27 TCP [TCP segment of a reassembled PDU] Frame 377 (1514 bytes on wire, 1514 bytes captured) Arrival Time: Nov 1, 2008 16:29:55.576430000 [Time delta from previous captured frame: 0.001265000 seconds] [Time delta from previous displayed frame: 0.001265000 seconds] [Time since reference or first frame: 8.179468000 seconds] Frame Number: 377 Frame Length: 1514 bytes Capture Length: 1514 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Intel_a6:a7:cb (00:02:b3:a6:a7:cb), Dst: Intel_d6:44:84 (00:18:de:d6:44:84) Destination: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 208.117.224.240 (208.117.224.240), Dst: 172.28.186.27 (172.28.186.27) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 1500 Identification: 0xa009 (40969) Flags: 0x00 0... = Reserved bit: Not set .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 60 Protocol: TCP (0x06) Header checksum: 0xc174 [correct] [Good: True] [Bad : False] Source: 208.117.224.240 (208.117.224.240) Destination: 172.28.186.27 (172.28.186.27) Transmission Control Protocol, Src Port: http (80), Dst Port: aspen-services (1749), Seq: 24723, Ack: 3089, Len: 1460 Source port: http (80) Destination port: aspen-services (1749) Sequence number: 24723 (relative sequence number) [Next sequence number: 26183 (relative sequence number)] Acknowledgement number: 3089 (relative ack number) Header length: 20 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 16384 Checksum: 0xab0b [correct] [Good Checksum: True] [Bad Checksum: False] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 376] [The RTT to ACK the segment was: 0.001265000 seconds] TCP segment data (1460 bytes) No. Time Source Destination Protocol Info 378 8.179532 172.28.186.27 208.117.224.240 TCP [TCP Dup ACK 370#4] aspen-services > http [ACK] Seq=3089 Ack=18883 Win=183960 Len=0 SLE=20343 SRE=26183 Frame 378 (66 bytes on wire, 66 bytes captured) Arrival Time: Nov 1, 2008 16:29:55.576494000 [Time delta from previous captured frame: 0.000064000 seconds] [Time delta from previous displayed frame: 0.000064000 seconds] [Time since reference or first frame: 8.179532000 seconds] Frame Number: 378 Frame Length: 66 bytes Capture Length: 66 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: Bad TCP] [Coloring Rule String: tcp.analysis.flags] Ethernet II, Src: Intel_d6:44:84 (00:18:de:d6:44:84), Dst: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Destination: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 172.28.186.27 (172.28.186.27), Dst: 208.117.224.240 (208.117.224.240) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 52 Identification: 0x5874 (22644) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (0x06) Header checksum: 0x8ab1 [correct] [Good: True] [Bad : False] Source: 172.28.186.27 (172.28.186.27) Destination: 208.117.224.240 (208.117.224.240) Transmission Control Protocol, Src Port: aspen-services (1749), Dst Port: http (80), Seq: 3089, Ack: 18883, Len: 0 Source port: aspen-services (1749) Destination port: http (80) Sequence number: 3089 (relative sequence number) Acknowledgement number: 18883 (relative ack number) Header length: 32 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 183960 (scaled) Checksum: 0xd00d [correct] [Good Checksum: True] [Bad Checksum: False] Options: (12 bytes) NOP NOP SACK: 20343-26183 left edge = 20343 (relative) right edge = 26183 (relative) [SEQ/ACK analysis] [TCP Analysis Flags] [This is a TCP duplicate ack] [Duplicate ACK #: 4] [Duplicate to the ACK in frame: 370] No. Time Source Destination Protocol Info 379 8.189497 208.117.224.240 172.28.186.27 TCP [TCP Fast Retransmission] [TCP segment of a reassembled PDU] Frame 379 (1514 bytes on wire, 1514 bytes captured) Arrival Time: Nov 1, 2008 16:29:55.586459000 [Time delta from previous captured frame: 0.009965000 seconds] [Time delta from previous displayed frame: 0.009965000 seconds] [Time since reference or first frame: 8.189497000 seconds] Frame Number: 379 Frame Length: 1514 bytes Capture Length: 1514 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: Bad TCP] [Coloring Rule String: tcp.analysis.flags] Ethernet II, Src: Intel_a6:a7:cb (00:02:b3:a6:a7:cb), Dst: Intel_d6:44:84 (00:18:de:d6:44:84) Destination: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 208.117.224.240 (208.117.224.240), Dst: 172.28.186.27 (172.28.186.27) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 1500 Identification: 0xa109 (41225) Flags: 0x00 0... = Reserved bit: Not set .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 60 Protocol: TCP (0x06) Header checksum: 0xc074 [correct] [Good: True] [Bad : False] Source: 208.117.224.240 (208.117.224.240) Destination: 172.28.186.27 (172.28.186.27) Transmission Control Protocol, Src Port: http (80), Dst Port: aspen-services (1749), Seq: 18883, Ack: 3089, Len: 1460 Source port: http (80) Destination port: aspen-services (1749) Sequence number: 18883 (relative sequence number) [Next sequence number: 20343 (relative sequence number)] Acknowledgement number: 3089 (relative ack number) Header length: 20 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 16384 Checksum: 0x3eb3 [correct] [Good Checksum: True] [Bad Checksum: False] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 378] [The RTT to ACK the segment was: 0.009965000 seconds] [TCP Analysis Flags] [This frame is a (suspected) fast retransmission] [This frame is a (suspected) retransmission] TCP segment data (1460 bytes) No. Time Source Destination Protocol Info 380 8.189609 172.28.186.27 208.117.224.240 TCP aspen-services > http [ACK] Seq=3089 Ack=26183 Win=183960 Len=0 Frame 380 (54 bytes on wire, 54 bytes captured) Arrival Time: Nov 1, 2008 16:29:55.586571000 [Time delta from previous captured frame: 0.000112000 seconds] [Time delta from previous displayed frame: 0.000112000 seconds] [Time since reference or first frame: 8.189609000 seconds] Frame Number: 380 Frame Length: 54 bytes Capture Length: 54 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Intel_d6:44:84 (00:18:de:d6:44:84), Dst: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Destination: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 172.28.186.27 (172.28.186.27), Dst: 208.117.224.240 (208.117.224.240) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x5875 (22645) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (0x06) Header checksum: 0x8abc [correct] [Good: True] [Bad : False] Source: 172.28.186.27 (172.28.186.27) Destination: 208.117.224.240 (208.117.224.240) Transmission Control Protocol, Src Port: aspen-services (1749), Dst Port: http (80), Seq: 3089, Ack: 26183, Len: 0 Source port: aspen-services (1749) Destination port: http (80) Sequence number: 3089 (relative sequence number) Acknowledgement number: 26183 (relative ack number) Header length: 20 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 183960 (scaled) Checksum: 0x3b31 [correct] [Good Checksum: True] [Bad Checksum: False] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 377] [The RTT to ACK the segment was: 0.010141000 seconds] No. Time Source Destination Protocol Info 381 8.195318 208.117.224.240 172.28.186.27 TCP [TCP segment of a reassembled PDU] Frame 381 (1406 bytes on wire, 1406 bytes captured) Arrival Time: Nov 1, 2008 16:29:55.592280000 [Time delta from previous captured frame: 0.005709000 seconds] [Time delta from previous displayed frame: 0.005709000 seconds] [Time since reference or first frame: 8.195318000 seconds] Frame Number: 381 Frame Length: 1406 bytes Capture Length: 1406 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Intel_a6:a7:cb (00:02:b3:a6:a7:cb), Dst: Intel_d6:44:84 (00:18:de:d6:44:84) Destination: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 208.117.224.240 (208.117.224.240), Dst: 172.28.186.27 (172.28.186.27) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 1392 Identification: 0xa209 (41481) Flags: 0x00 0... = Reserved bit: Not set .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 60 Protocol: TCP (0x06) Header checksum: 0xbfe0 [correct] [Good: True] [Bad : False] Source: 208.117.224.240 (208.117.224.240) Destination: 172.28.186.27 (172.28.186.27) Transmission Control Protocol, Src Port: http (80), Dst Port: aspen-services (1749), Seq: 26183, Ack: 3089, Len: 1352 Source port: http (80) Destination port: aspen-services (1749) Sequence number: 26183 (relative sequence number) [Next sequence number: 27535 (relative sequence number)] Acknowledgement number: 3089 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 16384 Checksum: 0x1dca [correct] [Good Checksum: True] [Bad Checksum: False] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 380] [The RTT to ACK the segment was: 0.005709000 seconds] TCP segment data (1352 bytes) No. Time Source Destination Protocol Info 382 8.200436 208.117.224.240 172.28.186.27 TCP [TCP segment of a reassembled PDU] Frame 382 (1514 bytes on wire, 1514 bytes captured) Arrival Time: Nov 1, 2008 16:29:55.597398000 [Time delta from previous captured frame: 0.005118000 seconds] [Time delta from previous displayed frame: 0.005118000 seconds] [Time since reference or first frame: 8.200436000 seconds] Frame Number: 382 Frame Length: 1514 bytes Capture Length: 1514 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Intel_a6:a7:cb (00:02:b3:a6:a7:cb), Dst: Intel_d6:44:84 (00:18:de:d6:44:84) Destination: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 208.117.224.240 (208.117.224.240), Dst: 172.28.186.27 (172.28.186.27) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 1500 Identification: 0xa309 (41737) Flags: 0x00 0... = Reserved bit: Not set .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 60 Protocol: TCP (0x06) Header checksum: 0xbe74 [correct] [Good: True] [Bad : False] Source: 208.117.224.240 (208.117.224.240) Destination: 172.28.186.27 (172.28.186.27) Transmission Control Protocol, Src Port: http (80), Dst Port: aspen-services (1749), Seq: 27535, Ack: 3089, Len: 1460 Source port: http (80) Destination port: aspen-services (1749) Sequence number: 27535 (relative sequence number) [Next sequence number: 28995 (relative sequence number)] Acknowledgement number: 3089 (relative ack number) Header length: 20 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 16384 Checksum: 0x604c [correct] [Good Checksum: True] [Bad Checksum: False] TCP segment data (1460 bytes) No. Time Source Destination Protocol Info 383 8.200503 172.28.186.27 208.117.224.240 TCP aspen-services > http [ACK] Seq=3089 Ack=28995 Win=183960 Len=0 Frame 383 (54 bytes on wire, 54 bytes captured) Arrival Time: Nov 1, 2008 16:29:55.597465000 [Time delta from previous captured frame: 0.000067000 seconds] [Time delta from previous displayed frame: 0.000067000 seconds] [Time since reference or first frame: 8.200503000 seconds] Frame Number: 383 Frame Length: 54 bytes Capture Length: 54 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Intel_d6:44:84 (00:18:de:d6:44:84), Dst: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Destination: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 172.28.186.27 (172.28.186.27), Dst: 208.117.224.240 (208.117.224.240) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x587e (22654) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (0x06) Header checksum: 0x8ab3 [correct] [Good: True] [Bad : False] Source: 172.28.186.27 (172.28.186.27) Destination: 208.117.224.240 (208.117.224.240) Transmission Control Protocol, Src Port: aspen-services (1749), Dst Port: http (80), Seq: 3089, Ack: 28995, Len: 0 Source port: aspen-services (1749) Destination port: http (80) Sequence number: 3089 (relative sequence number) Acknowledgement number: 28995 (relative ack number) Header length: 20 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 183960 (scaled) Checksum: 0x3035 [correct] [Good Checksum: True] [Bad Checksum: False] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 382] [The RTT to ACK the segment was: 0.000067000 seconds] No. Time Source Destination Protocol Info 384 8.202681 208.117.224.240 172.28.186.27 TCP [TCP segment of a reassembled PDU] Frame 384 (1514 bytes on wire, 1514 bytes captured) Arrival Time: Nov 1, 2008 16:29:55.599643000 [Time delta from previous captured frame: 0.002178000 seconds] [Time delta from previous displayed frame: 0.002178000 seconds] [Time since reference or first frame: 8.202681000 seconds] Frame Number: 384 Frame Length: 1514 bytes Capture Length: 1514 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Intel_a6:a7:cb (00:02:b3:a6:a7:cb), Dst: Intel_d6:44:84 (00:18:de:d6:44:84) Destination: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 208.117.224.240 (208.117.224.240), Dst: 172.28.186.27 (172.28.186.27) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 1500 Identification: 0xa409 (41993) Flags: 0x00 0... = Reserved bit: Not set .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 60 Protocol: TCP (0x06) Header checksum: 0xbd74 [correct] [Good: True] [Bad : False] Source: 208.117.224.240 (208.117.224.240) Destination: 172.28.186.27 (172.28.186.27) Transmission Control Protocol, Src Port: http (80), Dst Port: aspen-services (1749), Seq: 28995, Ack: 3089, Len: 1460 Source port: http (80) Destination port: aspen-services (1749) Sequence number: 28995 (relative sequence number) [Next sequence number: 30455 (relative sequence number)] Acknowledgement number: 3089 (relative ack number) Header length: 20 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 16384 Checksum: 0xd3a4 [correct] [Good Checksum: True] [Bad Checksum: False] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 383] [The RTT to ACK the segment was: 0.002178000 seconds] TCP segment data (1460 bytes) No. Time Source Destination Protocol Info 385 8.204597 208.117.224.240 172.28.186.27 TCP [TCP Previous segment lost] [TCP segment of a reassembled PDU] Frame 385 (1514 bytes on wire, 1514 bytes captured) Arrival Time: Nov 1, 2008 16:29:55.601559000 [Time delta from previous captured frame: 0.001916000 seconds] [Time delta from previous displayed frame: 0.001916000 seconds] [Time since reference or first frame: 8.204597000 seconds] Frame Number: 385 Frame Length: 1514 bytes Capture Length: 1514 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: Bad TCP] [Coloring Rule String: tcp.analysis.flags] Ethernet II, Src: Intel_a6:a7:cb (00:02:b3:a6:a7:cb), Dst: Intel_d6:44:84 (00:18:de:d6:44:84) Destination: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 208.117.224.240 (208.117.224.240), Dst: 172.28.186.27 (172.28.186.27) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 1500 Identification: 0xa609 (42505) Flags: 0x00 0... = Reserved bit: Not set .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 60 Protocol: TCP (0x06) Header checksum: 0xbb74 [correct] [Good: True] [Bad : False] Source: 208.117.224.240 (208.117.224.240) Destination: 172.28.186.27 (172.28.186.27) Transmission Control Protocol, Src Port: http (80), Dst Port: aspen-services (1749), Seq: 31915, Ack: 3089, Len: 1460 Source port: http (80) Destination port: aspen-services (1749) Sequence number: 31915 (relative sequence number) [Next sequence number: 33375 (relative sequence number)] Acknowledgement number: 3089 (relative ack number) Header length: 20 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 16384 Checksum: 0x6408 [correct] [Good Checksum: True] [Bad Checksum: False] [SEQ/ACK analysis] [TCP Analysis Flags] [A segment before this frame was lost] TCP segment data (1460 bytes) No. Time Source Destination Protocol Info 386 8.204665 172.28.186.27 208.117.224.240 TCP aspen-services > http [ACK] Seq=3089 Ack=30455 Win=183960 Len=0 SLE=31915 SRE=33375 Frame 386 (66 bytes on wire, 66 bytes captured) Arrival Time: Nov 1, 2008 16:29:55.601627000 [Time delta from previous captured frame: 0.000068000 seconds] [Time delta from previous displayed frame: 0.000068000 seconds] [Time since reference or first frame: 8.204665000 seconds] Frame Number: 386 Frame Length: 66 bytes Capture Length: 66 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Intel_d6:44:84 (00:18:de:d6:44:84), Dst: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Destination: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 172.28.186.27 (172.28.186.27), Dst: 208.117.224.240 (208.117.224.240) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 52 Identification: 0x5883 (22659) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (0x06) Header checksum: 0x8aa2 [correct] [Good: True] [Bad : False] Source: 172.28.186.27 (172.28.186.27) Destination: 208.117.224.240 (208.117.224.240) Transmission Control Protocol, Src Port: aspen-services (1749), Dst Port: http (80), Seq: 3089, Ack: 30455, Len: 0 Source port: aspen-services (1749) Destination port: http (80) Sequence number: 3089 (relative sequence number) Acknowledgement number: 30455 (relative ack number) Header length: 32 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 183960 (scaled) Checksum: 0x598d [correct] [Good Checksum: True] [Bad Checksum: False] Options: (12 bytes) NOP NOP SACK: 31915-33375 left edge = 31915 (relative) right edge = 33375 (relative) No. Time Source Destination Protocol Info 387 8.206602 208.117.224.240 172.28.186.27 TCP [TCP segment of a reassembled PDU] Frame 387 (1514 bytes on wire, 1514 bytes captured) Arrival Time: Nov 1, 2008 16:29:55.603564000 [Time delta from previous captured frame: 0.001937000 seconds] [Time delta from previous displayed frame: 0.001937000 seconds] [Time since reference or first frame: 8.206602000 seconds] Frame Number: 387 Frame Length: 1514 bytes Capture Length: 1514 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Intel_a6:a7:cb (00:02:b3:a6:a7:cb), Dst: Intel_d6:44:84 (00:18:de:d6:44:84) Destination: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 208.117.224.240 (208.117.224.240), Dst: 172.28.186.27 (172.28.186.27) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 1500 Identification: 0xa709 (42761) Flags: 0x00 0... = Reserved bit: Not set .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 60 Protocol: TCP (0x06) Header checksum: 0xba74 [correct] [Good: True] [Bad : False] Source: 208.117.224.240 (208.117.224.240) Destination: 172.28.186.27 (172.28.186.27) Transmission Control Protocol, Src Port: http (80), Dst Port: aspen-services (1749), Seq: 33375, Ack: 3089, Len: 1460 Source port: http (80) Destination port: aspen-services (1749) Sequence number: 33375 (relative sequence number) [Next sequence number: 34835 (relative sequence number)] Acknowledgement number: 3089 (relative ack number) Header length: 20 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 16384 Checksum: 0xc2b6 [correct] [Good Checksum: True] [Bad Checksum: False] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 386] [The RTT to ACK the segment was: 0.001937000 seconds] TCP segment data (1460 bytes) No. Time Source Destination Protocol Info 388 8.206656 172.28.186.27 208.117.224.240 TCP [TCP Dup ACK 386#1] aspen-services > http [ACK] Seq=3089 Ack=30455 Win=183960 Len=0 SLE=31915 SRE=34835 Frame 388 (66 bytes on wire, 66 bytes captured) Arrival Time: Nov 1, 2008 16:29:55.603618000 [Time delta from previous captured frame: 0.000054000 seconds] [Time delta from previous displayed frame: 0.000054000 seconds] [Time since reference or first frame: 8.206656000 seconds] Frame Number: 388 Frame Length: 66 bytes Capture Length: 66 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: Bad TCP] [Coloring Rule String: tcp.analysis.flags] Ethernet II, Src: Intel_d6:44:84 (00:18:de:d6:44:84), Dst: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Destination: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 172.28.186.27 (172.28.186.27), Dst: 208.117.224.240 (208.117.224.240) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 52 Identification: 0x5884 (22660) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (0x06) Header checksum: 0x8aa1 [correct] [Good: True] [Bad : False] Source: 172.28.186.27 (172.28.186.27) Destination: 208.117.224.240 (208.117.224.240) Transmission Control Protocol, Src Port: aspen-services (1749), Dst Port: http (80), Seq: 3089, Ack: 30455, Len: 0 Source port: aspen-services (1749) Destination port: http (80) Sequence number: 3089 (relative sequence number) Acknowledgement number: 30455 (relative ack number) Header length: 32 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 183960 (scaled) Checksum: 0x53d9 [correct] [Good Checksum: True] [Bad Checksum: False] Options: (12 bytes) NOP NOP SACK: 31915-34835 left edge = 31915 (relative) right edge = 34835 (relative) [SEQ/ACK analysis] [TCP Analysis Flags] [This is a TCP duplicate ack] [Duplicate ACK #: 1] [Duplicate to the ACK in frame: 386] No. Time Source Destination Protocol Info 389 8.212165 208.117.224.240 172.28.186.27 TCP [TCP segment of a reassembled PDU] Frame 389 (1514 bytes on wire, 1514 bytes captured) Arrival Time: Nov 1, 2008 16:29:55.609127000 [Time delta from previous captured frame: 0.005509000 seconds] [Time delta from previous displayed frame: 0.005509000 seconds] [Time since reference or first frame: 8.212165000 seconds] Frame Number: 389 Frame Length: 1514 bytes Capture Length: 1514 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Intel_a6:a7:cb (00:02:b3:a6:a7:cb), Dst: Intel_d6:44:84 (00:18:de:d6:44:84) Destination: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 208.117.224.240 (208.117.224.240), Dst: 172.28.186.27 (172.28.186.27) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 1500 Identification: 0xa809 (43017) Flags: 0x00 0... = Reserved bit: Not set .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 60 Protocol: TCP (0x06) Header checksum: 0xb974 [correct] [Good: True] [Bad : False] Source: 208.117.224.240 (208.117.224.240) Destination: 172.28.186.27 (172.28.186.27) Transmission Control Protocol, Src Port: http (80), Dst Port: aspen-services (1749), Seq: 34835, Ack: 3089, Len: 1460 Source port: http (80) Destination port: aspen-services (1749) Sequence number: 34835 (relative sequence number) [Next sequence number: 36295 (relative sequence number)] Acknowledgement number: 3089 (relative ack number) Header length: 20 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 16384 Checksum: 0x4566 [correct] [Good Checksum: True] [Bad Checksum: False] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 388] [The RTT to ACK the segment was: 0.005509000 seconds] TCP segment data (1460 bytes) No. Time Source Destination Protocol Info 390 8.212218 172.28.186.27 208.117.224.240 TCP [TCP Dup ACK 386#2] aspen-services > http [ACK] Seq=3089 Ack=30455 Win=183960 Len=0 SLE=31915 SRE=36295 Frame 390 (66 bytes on wire, 66 bytes captured) Arrival Time: Nov 1, 2008 16:29:55.609180000 [Time delta from previous captured frame: 0.000053000 seconds] [Time delta from previous displayed frame: 0.000053000 seconds] [Time since reference or first frame: 8.212218000 seconds] Frame Number: 390 Frame Length: 66 bytes Capture Length: 66 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: Bad TCP] [Coloring Rule String: tcp.analysis.flags] Ethernet II, Src: Intel_d6:44:84 (00:18:de:d6:44:84), Dst: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Destination: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 172.28.186.27 (172.28.186.27), Dst: 208.117.224.240 (208.117.224.240) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 52 Identification: 0x5885 (22661) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (0x06) Header checksum: 0x8aa0 [correct] [Good: True] [Bad : False] Source: 172.28.186.27 (172.28.186.27) Destination: 208.117.224.240 (208.117.224.240) Transmission Control Protocol, Src Port: aspen-services (1749), Dst Port: http (80), Seq: 3089, Ack: 30455, Len: 0 Source port: aspen-services (1749) Destination port: http (80) Sequence number: 3089 (relative sequence number) Acknowledgement number: 30455 (relative ack number) Header length: 32 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 183960 (scaled) Checksum: 0x4e25 [correct] [Good Checksum: True] [Bad Checksum: False] Options: (12 bytes) NOP NOP SACK: 31915-36295 left edge = 31915 (relative) right edge = 36295 (relative) [SEQ/ACK analysis] [TCP Analysis Flags] [This is a TCP duplicate ack] [Duplicate ACK #: 2] [Duplicate to the ACK in frame: 386] No. Time Source Destination Protocol Info 391 8.212741 208.117.224.240 172.28.186.27 TCP [TCP segment of a reassembled PDU] Frame 391 (1514 bytes on wire, 1514 bytes captured) Arrival Time: Nov 1, 2008 16:29:55.609703000 [Time delta from previous captured frame: 0.000523000 seconds] [Time delta from previous displayed frame: 0.000523000 seconds] [Time since reference or first frame: 8.212741000 seconds] Frame Number: 391 Frame Length: 1514 bytes Capture Length: 1514 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Intel_a6:a7:cb (00:02:b3:a6:a7:cb), Dst: Intel_d6:44:84 (00:18:de:d6:44:84) Destination: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 208.117.224.240 (208.117.224.240), Dst: 172.28.186.27 (172.28.186.27) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 1500 Identification: 0xa909 (43273) Flags: 0x00 0... = Reserved bit: Not set .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 60 Protocol: TCP (0x06) Header checksum: 0xb874 [correct] [Good: True] [Bad : False] Source: 208.117.224.240 (208.117.224.240) Destination: 172.28.186.27 (172.28.186.27) Transmission Control Protocol, Src Port: http (80), Dst Port: aspen-services (1749), Seq: 36295, Ack: 3089, Len: 1460 Source port: http (80) Destination port: aspen-services (1749) Sequence number: 36295 (relative sequence number) [Next sequence number: 37755 (relative sequence number)] Acknowledgement number: 3089 (relative ack number) Header length: 20 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 16384 Checksum: 0x7ca5 [correct] [Good Checksum: True] [Bad Checksum: False] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 390] [The RTT to ACK the segment was: 0.000523000 seconds] TCP segment data (1460 bytes) No. Time Source Destination Protocol Info 392 8.212785 172.28.186.27 208.117.224.240 TCP [TCP Dup ACK 386#3] aspen-services > http [ACK] Seq=3089 Ack=30455 Win=183960 Len=0 SLE=31915 SRE=37755 Frame 392 (66 bytes on wire, 66 bytes captured) Arrival Time: Nov 1, 2008 16:29:55.609747000 [Time delta from previous captured frame: 0.000044000 seconds] [Time delta from previous displayed frame: 0.000044000 seconds] [Time since reference or first frame: 8.212785000 seconds] Frame Number: 392 Frame Length: 66 bytes Capture Length: 66 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: Bad TCP] [Coloring Rule String: tcp.analysis.flags] Ethernet II, Src: Intel_d6:44:84 (00:18:de:d6:44:84), Dst: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Destination: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 172.28.186.27 (172.28.186.27), Dst: 208.117.224.240 (208.117.224.240) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 52 Identification: 0x5886 (22662) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (0x06) Header checksum: 0x8a9f [correct] [Good: True] [Bad : False] Source: 172.28.186.27 (172.28.186.27) Destination: 208.117.224.240 (208.117.224.240) Transmission Control Protocol, Src Port: aspen-services (1749), Dst Port: http (80), Seq: 3089, Ack: 30455, Len: 0 Source port: aspen-services (1749) Destination port: http (80) Sequence number: 3089 (relative sequence number) Acknowledgement number: 30455 (relative ack number) Header length: 32 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 183960 (scaled) Checksum: 0x4871 [correct] [Good Checksum: True] [Bad Checksum: False] Options: (12 bytes) NOP NOP SACK: 31915-37755 left edge = 31915 (relative) right edge = 37755 (relative) [SEQ/ACK analysis] [TCP Analysis Flags] [This is a TCP duplicate ack] [Duplicate ACK #: 3] [Duplicate to the ACK in frame: 386] No. Time Source Destination Protocol Info 393 8.310368 208.117.224.240 172.28.186.27 TCP [TCP segment of a reassembled PDU] Frame 393 (1514 bytes on wire, 1514 bytes captured) Arrival Time: Nov 1, 2008 16:29:55.707330000 [Time delta from previous captured frame: 0.097583000 seconds] [Time delta from previous displayed frame: 0.097583000 seconds] [Time since reference or first frame: 8.310368000 seconds] Frame Number: 393 Frame Length: 1514 bytes Capture Length: 1514 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Intel_a6:a7:cb (00:02:b3:a6:a7:cb), Dst: Intel_d6:44:84 (00:18:de:d6:44:84) Destination: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 208.117.224.240 (208.117.224.240), Dst: 172.28.186.27 (172.28.186.27) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 1500 Identification: 0xac09 (44041) Flags: 0x00 0... = Reserved bit: Not set .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 60 Protocol: TCP (0x06) Header checksum: 0xb574 [correct] [Good: True] [Bad : False] Source: 208.117.224.240 (208.117.224.240) Destination: 172.28.186.27 (172.28.186.27) Transmission Control Protocol, Src Port: http (80), Dst Port: aspen-services (1749), Seq: 37755, Ack: 3089, Len: 1460 Source port: http (80) Destination port: aspen-services (1749) Sequence number: 37755 (relative sequence number) [Next sequence number: 39215 (relative sequence number)] Acknowledgement number: 3089 (relative ack number) Header length: 20 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 16384 Checksum: 0xd128 [correct] [Good Checksum: True] [Bad Checksum: False] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 392] [The RTT to ACK the segment was: 0.097583000 seconds] TCP segment data (1460 bytes) No. Time Source Destination Protocol Info 394 8.310442 172.28.186.27 208.117.224.240 TCP [TCP Dup ACK 386#4] aspen-services > http [ACK] Seq=3089 Ack=30455 Win=183960 Len=0 SLE=31915 SRE=39215 Frame 394 (66 bytes on wire, 66 bytes captured) Arrival Time: Nov 1, 2008 16:29:55.707404000 [Time delta from previous captured frame: 0.000074000 seconds] [Time delta from previous displayed frame: 0.000074000 seconds] [Time since reference or first frame: 8.310442000 seconds] Frame Number: 394 Frame Length: 66 bytes Capture Length: 66 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: Bad TCP] [Coloring Rule String: tcp.analysis.flags] Ethernet II, Src: Intel_d6:44:84 (00:18:de:d6:44:84), Dst: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Destination: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 172.28.186.27 (172.28.186.27), Dst: 208.117.224.240 (208.117.224.240) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 52 Identification: 0x5887 (22663) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (0x06) Header checksum: 0x8a9e [correct] [Good: True] [Bad : False] Source: 172.28.186.27 (172.28.186.27) Destination: 208.117.224.240 (208.117.224.240) Transmission Control Protocol, Src Port: aspen-services (1749), Dst Port: http (80), Seq: 3089, Ack: 30455, Len: 0 Source port: aspen-services (1749) Destination port: http (80) Sequence number: 3089 (relative sequence number) Acknowledgement number: 30455 (relative ack number) Header length: 32 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 183960 (scaled) Checksum: 0x42bd [correct] [Good Checksum: True] [Bad Checksum: False] Options: (12 bytes) NOP NOP SACK: 31915-39215 left edge = 31915 (relative) right edge = 39215 (relative) [SEQ/ACK analysis] [TCP Analysis Flags] [This is a TCP duplicate ack] [Duplicate ACK #: 4] [Duplicate to the ACK in frame: 386] No. Time Source Destination Protocol Info 395 8.319152 208.117.224.240 172.28.186.27 TCP [TCP segment of a reassembled PDU] Frame 395 (1514 bytes on wire, 1514 bytes captured) Arrival Time: Nov 1, 2008 16:29:55.716114000 [Time delta from previous captured frame: 0.008710000 seconds] [Time delta from previous displayed frame: 0.008710000 seconds] [Time since reference or first frame: 8.319152000 seconds] Frame Number: 395 Frame Length: 1514 bytes Capture Length: 1514 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Intel_a6:a7:cb (00:02:b3:a6:a7:cb), Dst: Intel_d6:44:84 (00:18:de:d6:44:84) Destination: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 208.117.224.240 (208.117.224.240), Dst: 172.28.186.27 (172.28.186.27) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 1500 Identification: 0xad09 (44297) Flags: 0x00 0... = Reserved bit: Not set .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 60 Protocol: TCP (0x06) Header checksum: 0xb474 [correct] [Good: True] [Bad : False] Source: 208.117.224.240 (208.117.224.240) Destination: 172.28.186.27 (172.28.186.27) Transmission Control Protocol, Src Port: http (80), Dst Port: aspen-services (1749), Seq: 39215, Ack: 3089, Len: 1460 Source port: http (80) Destination port: aspen-services (1749) Sequence number: 39215 (relative sequence number) [Next sequence number: 40675 (relative sequence number)] Acknowledgement number: 3089 (relative ack number) Header length: 20 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 16384 Checksum: 0x832a [correct] [Good Checksum: True] [Bad Checksum: False] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 394] [The RTT to ACK the segment was: 0.008710000 seconds] TCP segment data (1460 bytes) No. Time Source Destination Protocol Info 396 8.319195 172.28.186.27 208.117.224.240 TCP [TCP Dup ACK 386#5] aspen-services > http [ACK] Seq=3089 Ack=30455 Win=183960 Len=0 SLE=31915 SRE=40675 Frame 396 (66 bytes on wire, 66 bytes captured) Arrival Time: Nov 1, 2008 16:29:55.716157000 [Time delta from previous captured frame: 0.000043000 seconds] [Time delta from previous displayed frame: 0.000043000 seconds] [Time since reference or first frame: 8.319195000 seconds] Frame Number: 396 Frame Length: 66 bytes Capture Length: 66 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: Bad TCP] [Coloring Rule String: tcp.analysis.flags] Ethernet II, Src: Intel_d6:44:84 (00:18:de:d6:44:84), Dst: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Destination: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 172.28.186.27 (172.28.186.27), Dst: 208.117.224.240 (208.117.224.240) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 52 Identification: 0x5888 (22664) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (0x06) Header checksum: 0x8a9d [correct] [Good: True] [Bad : False] Source: 172.28.186.27 (172.28.186.27) Destination: 208.117.224.240 (208.117.224.240) Transmission Control Protocol, Src Port: aspen-services (1749), Dst Port: http (80), Seq: 3089, Ack: 30455, Len: 0 Source port: aspen-services (1749) Destination port: http (80) Sequence number: 3089 (relative sequence number) Acknowledgement number: 30455 (relative ack number) Header length: 32 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 183960 (scaled) Checksum: 0x3d09 [correct] [Good Checksum: True] [Bad Checksum: False] Options: (12 bytes) NOP NOP SACK: 31915-40675 left edge = 31915 (relative) right edge = 40675 (relative) [SEQ/ACK analysis] [TCP Analysis Flags] [This is a TCP duplicate ack] [Duplicate ACK #: 5] [Duplicate to the ACK in frame: 386] No. Time Source Destination Protocol Info 397 8.325980 208.117.224.240 172.28.186.27 TCP [TCP segment of a reassembled PDU] Frame 397 (1514 bytes on wire, 1514 bytes captured) Arrival Time: Nov 1, 2008 16:29:55.722942000 [Time delta from previous captured frame: 0.006785000 seconds] [Time delta from previous displayed frame: 0.006785000 seconds] [Time since reference or first frame: 8.325980000 seconds] Frame Number: 397 Frame Length: 1514 bytes Capture Length: 1514 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Intel_a6:a7:cb (00:02:b3:a6:a7:cb), Dst: Intel_d6:44:84 (00:18:de:d6:44:84) Destination: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 208.117.224.240 (208.117.224.240), Dst: 172.28.186.27 (172.28.186.27) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 1500 Identification: 0xae09 (44553) Flags: 0x00 0... = Reserved bit: Not set .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 60 Protocol: TCP (0x06) Header checksum: 0xb374 [correct] [Good: True] [Bad : False] Source: 208.117.224.240 (208.117.224.240) Destination: 172.28.186.27 (172.28.186.27) Transmission Control Protocol, Src Port: http (80), Dst Port: aspen-services (1749), Seq: 40675, Ack: 3089, Len: 1460 Source port: http (80) Destination port: aspen-services (1749) Sequence number: 40675 (relative sequence number) [Next sequence number: 42135 (relative sequence number)] Acknowledgement number: 3089 (relative ack number) Header length: 20 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 16384 Checksum: 0xc552 [correct] [Good Checksum: True] [Bad Checksum: False] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 396] [The RTT to ACK the segment was: 0.006785000 seconds] TCP segment data (1460 bytes) No. Time Source Destination Protocol Info 398 8.326015 172.28.186.27 208.117.224.240 TCP [TCP Dup ACK 386#6] aspen-services > http [ACK] Seq=3089 Ack=30455 Win=183960 Len=0 SLE=31915 SRE=42135 Frame 398 (66 bytes on wire, 66 bytes captured) Arrival Time: Nov 1, 2008 16:29:55.722977000 [Time delta from previous captured frame: 0.000035000 seconds] [Time delta from previous displayed frame: 0.000035000 seconds] [Time since reference or first frame: 8.326015000 seconds] Frame Number: 398 Frame Length: 66 bytes Capture Length: 66 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: Bad TCP] [Coloring Rule String: tcp.analysis.flags] Ethernet II, Src: Intel_d6:44:84 (00:18:de:d6:44:84), Dst: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Destination: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 172.28.186.27 (172.28.186.27), Dst: 208.117.224.240 (208.117.224.240) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 52 Identification: 0x5889 (22665) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (0x06) Header checksum: 0x8a9c [correct] [Good: True] [Bad : False] Source: 172.28.186.27 (172.28.186.27) Destination: 208.117.224.240 (208.117.224.240) Transmission Control Protocol, Src Port: aspen-services (1749), Dst Port: http (80), Seq: 3089, Ack: 30455, Len: 0 Source port: aspen-services (1749) Destination port: http (80) Sequence number: 3089 (relative sequence number) Acknowledgement number: 30455 (relative ack number) Header length: 32 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 183960 (scaled) Checksum: 0x3755 [correct] [Good Checksum: True] [Bad Checksum: False] Options: (12 bytes) NOP NOP SACK: 31915-42135 left edge = 31915 (relative) right edge = 42135 (relative) [SEQ/ACK analysis] [TCP Analysis Flags] [This is a TCP duplicate ack] [Duplicate ACK #: 6] [Duplicate to the ACK in frame: 386] No. Time Source Destination Protocol Info 399 8.430299 208.117.224.240 172.28.186.27 TCP [TCP segment of a reassembled PDU] Frame 399 (1514 bytes on wire, 1514 bytes captured) Arrival Time: Nov 1, 2008 16:29:55.827261000 [Time delta from previous captured frame: 0.104284000 seconds] [Time delta from previous displayed frame: 0.104284000 seconds] [Time since reference or first frame: 8.430299000 seconds] Frame Number: 399 Frame Length: 1514 bytes Capture Length: 1514 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Intel_a6:a7:cb (00:02:b3:a6:a7:cb), Dst: Intel_d6:44:84 (00:18:de:d6:44:84) Destination: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 208.117.224.240 (208.117.224.240), Dst: 172.28.186.27 (172.28.186.27) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 1500 Identification: 0xaf09 (44809) Flags: 0x00 0... = Reserved bit: Not set .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 60 Protocol: TCP (0x06) Header checksum: 0xb274 [correct] [Good: True] [Bad : False] Source: 208.117.224.240 (208.117.224.240) Destination: 172.28.186.27 (172.28.186.27) Transmission Control Protocol, Src Port: http (80), Dst Port: aspen-services (1749), Seq: 42135, Ack: 3089, Len: 1460 Source port: http (80) Destination port: aspen-services (1749) Sequence number: 42135 (relative sequence number) [Next sequence number: 43595 (relative sequence number)] Acknowledgement number: 3089 (relative ack number) Header length: 20 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 16384 Checksum: 0x8848 [correct] [Good Checksum: True] [Bad Checksum: False] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 398] [The RTT to ACK the segment was: 0.104284000 seconds] TCP segment data (1460 bytes) No. Time Source Destination Protocol Info 400 8.430384 172.28.186.27 208.117.224.240 TCP [TCP Dup ACK 386#7] aspen-services > http [ACK] Seq=3089 Ack=30455 Win=183960 Len=0 SLE=31915 SRE=43595 Frame 400 (66 bytes on wire, 66 bytes captured) Arrival Time: Nov 1, 2008 16:29:55.827346000 [Time delta from previous captured frame: 0.000085000 seconds] [Time delta from previous displayed frame: 0.000085000 seconds] [Time since reference or first frame: 8.430384000 seconds] Frame Number: 400 Frame Length: 66 bytes Capture Length: 66 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: Bad TCP] [Coloring Rule String: tcp.analysis.flags] Ethernet II, Src: Intel_d6:44:84 (00:18:de:d6:44:84), Dst: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Destination: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 172.28.186.27 (172.28.186.27), Dst: 208.117.224.240 (208.117.224.240) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 52 Identification: 0x588a (22666) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (0x06) Header checksum: 0x8a9b [correct] [Good: True] [Bad : False] Source: 172.28.186.27 (172.28.186.27) Destination: 208.117.224.240 (208.117.224.240) Transmission Control Protocol, Src Port: aspen-services (1749), Dst Port: http (80), Seq: 3089, Ack: 30455, Len: 0 Source port: aspen-services (1749) Destination port: http (80) Sequence number: 3089 (relative sequence number) Acknowledgement number: 30455 (relative ack number) Header length: 32 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 183960 (scaled) Checksum: 0x31a1 [correct] [Good Checksum: True] [Bad Checksum: False] Options: (12 bytes) NOP NOP SACK: 31915-43595 left edge = 31915 (relative) right edge = 43595 (relative) [SEQ/ACK analysis] [TCP Analysis Flags] [This is a TCP duplicate ack] [Duplicate ACK #: 7] [Duplicate to the ACK in frame: 386] No. Time Source Destination Protocol Info 401 8.457537 208.117.224.240 172.28.186.27 TCP [TCP segment of a reassembled PDU] Frame 401 (1514 bytes on wire, 1514 bytes captured) Arrival Time: Nov 1, 2008 16:29:55.854499000 [Time delta from previous captured frame: 0.027153000 seconds] [Time delta from previous displayed frame: 0.027153000 seconds] [Time since reference or first frame: 8.457537000 seconds] Frame Number: 401 Frame Length: 1514 bytes Capture Length: 1514 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Intel_a6:a7:cb (00:02:b3:a6:a7:cb), Dst: Intel_d6:44:84 (00:18:de:d6:44:84) Destination: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 208.117.224.240 (208.117.224.240), Dst: 172.28.186.27 (172.28.186.27) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 1500 Identification: 0xb009 (45065) Flags: 0x00 0... = Reserved bit: Not set .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 60 Protocol: TCP (0x06) Header checksum: 0xb174 [correct] [Good: True] [Bad : False] Source: 208.117.224.240 (208.117.224.240) Destination: 172.28.186.27 (172.28.186.27) Transmission Control Protocol, Src Port: http (80), Dst Port: aspen-services (1749), Seq: 43595, Ack: 3089, Len: 1460 Source port: http (80) Destination port: aspen-services (1749) Sequence number: 43595 (relative sequence number) [Next sequence number: 45055 (relative sequence number)] Acknowledgement number: 3089 (relative ack number) Header length: 20 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 16384 Checksum: 0x975f [correct] [Good Checksum: True] [Bad Checksum: False] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 400] [The RTT to ACK the segment was: 0.027153000 seconds] TCP segment data (1460 bytes) No. Time Source Destination Protocol Info 402 8.457603 172.28.186.27 208.117.224.240 TCP [TCP Dup ACK 386#8] aspen-services > http [ACK] Seq=3089 Ack=30455 Win=183960 Len=0 SLE=31915 SRE=45055 Frame 402 (66 bytes on wire, 66 bytes captured) Arrival Time: Nov 1, 2008 16:29:55.854565000 [Time delta from previous captured frame: 0.000066000 seconds] [Time delta from previous displayed frame: 0.000066000 seconds] [Time since reference or first frame: 8.457603000 seconds] Frame Number: 402 Frame Length: 66 bytes Capture Length: 66 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: Bad TCP] [Coloring Rule String: tcp.analysis.flags] Ethernet II, Src: Intel_d6:44:84 (00:18:de:d6:44:84), Dst: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Destination: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 172.28.186.27 (172.28.186.27), Dst: 208.117.224.240 (208.117.224.240) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 52 Identification: 0x588b (22667) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (0x06) Header checksum: 0x8a9a [correct] [Good: True] [Bad : False] Source: 172.28.186.27 (172.28.186.27) Destination: 208.117.224.240 (208.117.224.240) Transmission Control Protocol, Src Port: aspen-services (1749), Dst Port: http (80), Seq: 3089, Ack: 30455, Len: 0 Source port: aspen-services (1749) Destination port: http (80) Sequence number: 3089 (relative sequence number) Acknowledgement number: 30455 (relative ack number) Header length: 32 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 183960 (scaled) Checksum: 0x2bed [correct] [Good Checksum: True] [Bad Checksum: False] Options: (12 bytes) NOP NOP SACK: 31915-45055 left edge = 31915 (relative) right edge = 45055 (relative) [SEQ/ACK analysis] [TCP Analysis Flags] [This is a TCP duplicate ack] [Duplicate ACK #: 8] [Duplicate to the ACK in frame: 386] No. Time Source Destination Protocol Info 406 8.623980 208.117.224.240 172.28.186.27 TCP [TCP Retransmission] [TCP segment of a reassembled PDU] Frame 406 (1514 bytes on wire, 1514 bytes captured) Arrival Time: Nov 1, 2008 16:29:56.020942000 [Time delta from previous captured frame: 0.002712000 seconds] [Time delta from previous displayed frame: 0.166377000 seconds] [Time since reference or first frame: 8.623980000 seconds] Frame Number: 406 Frame Length: 1514 bytes Capture Length: 1514 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: Bad TCP] [Coloring Rule String: tcp.analysis.flags] Ethernet II, Src: Intel_a6:a7:cb (00:02:b3:a6:a7:cb), Dst: Intel_d6:44:84 (00:18:de:d6:44:84) Destination: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 208.117.224.240 (208.117.224.240), Dst: 172.28.186.27 (172.28.186.27) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 1500 Identification: 0xb109 (45321) Flags: 0x00 0... = Reserved bit: Not set .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 60 Protocol: TCP (0x06) Header checksum: 0xb074 [correct] [Good: True] [Bad : False] Source: 208.117.224.240 (208.117.224.240) Destination: 172.28.186.27 (172.28.186.27) Transmission Control Protocol, Src Port: http (80), Dst Port: aspen-services (1749), Seq: 30455, Ack: 3089, Len: 1460 Source port: http (80) Destination port: aspen-services (1749) Sequence number: 30455 (relative sequence number) [Next sequence number: 31915 (relative sequence number)] Acknowledgement number: 3089 (relative ack number) Header length: 20 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 16384 Checksum: 0x700c [correct] [Good Checksum: True] [Bad Checksum: False] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 402] [The RTT to ACK the segment was: 0.166377000 seconds] [TCP Analysis Flags] [This frame is a (suspected) retransmission] [The RTO for this segment was: 0.166443000 seconds] [RTO based on delta from frame: 401] TCP segment data (1460 bytes) No. Time Source Destination Protocol Info 407 8.624072 172.28.186.27 208.117.224.240 TCP aspen-services > http [ACK] Seq=3089 Ack=45055 Win=183960 Len=0 Frame 407 (54 bytes on wire, 54 bytes captured) Arrival Time: Nov 1, 2008 16:29:56.021034000 [Time delta from previous captured frame: 0.000092000 seconds] [Time delta from previous displayed frame: 0.000092000 seconds] [Time since reference or first frame: 8.624072000 seconds] Frame Number: 407 Frame Length: 54 bytes Capture Length: 54 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Intel_d6:44:84 (00:18:de:d6:44:84), Dst: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Destination: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 172.28.186.27 (172.28.186.27), Dst: 208.117.224.240 (208.117.224.240) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x5893 (22675) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (0x06) Header checksum: 0x8a9e [correct] [Good: True] [Bad : False] Source: 172.28.186.27 (172.28.186.27) Destination: 208.117.224.240 (208.117.224.240) Transmission Control Protocol, Src Port: aspen-services (1749), Dst Port: http (80), Seq: 3089, Ack: 45055, Len: 0 Source port: aspen-services (1749) Destination port: http (80) Sequence number: 3089 (relative sequence number) Acknowledgement number: 45055 (relative ack number) Header length: 20 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 183960 (scaled) Checksum: 0xf178 [correct] [Good Checksum: True] [Bad Checksum: False] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 401] [The RTT to ACK the segment was: 0.166535000 seconds] No. Time Source Destination Protocol Info 408 8.647125 208.117.224.240 172.28.186.27 TCP [TCP Previous segment lost] [TCP segment of a reassembled PDU] Frame 408 (1514 bytes on wire, 1514 bytes captured) Arrival Time: Nov 1, 2008 16:29:56.044087000 [Time delta from previous captured frame: 0.023053000 seconds] [Time delta from previous displayed frame: 0.023053000 seconds] [Time since reference or first frame: 8.647125000 seconds] Frame Number: 408 Frame Length: 1514 bytes Capture Length: 1514 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: Bad TCP] [Coloring Rule String: tcp.analysis.flags] Ethernet II, Src: Intel_a6:a7:cb (00:02:b3:a6:a7:cb), Dst: Intel_d6:44:84 (00:18:de:d6:44:84) Destination: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 208.117.224.240 (208.117.224.240), Dst: 172.28.186.27 (172.28.186.27) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 1500 Identification: 0xb309 (45833) Flags: 0x00 0... = Reserved bit: Not set .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 60 Protocol: TCP (0x06) Header checksum: 0xae74 [correct] [Good: True] [Bad : False] Source: 208.117.224.240 (208.117.224.240) Destination: 172.28.186.27 (172.28.186.27) Transmission Control Protocol, Src Port: http (80), Dst Port: aspen-services (1749), Seq: 46503, Ack: 3089, Len: 1460 Source port: http (80) Destination port: aspen-services (1749) Sequence number: 46503 (relative sequence number) [Next sequence number: 47963 (relative sequence number)] Acknowledgement number: 3089 (relative ack number) Header length: 20 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 16384 Checksum: 0x64f6 [correct] [Good Checksum: True] [Bad Checksum: False] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 407] [The RTT to ACK the segment was: 0.023053000 seconds] [TCP Analysis Flags] [A segment before this frame was lost] TCP segment data (1460 bytes) No. Time Source Destination Protocol Info 409 8.647216 172.28.186.27 208.117.224.240 TCP [TCP Dup ACK 407#1] aspen-services > http [ACK] Seq=3089 Ack=45055 Win=183960 Len=0 SLE=46503 SRE=47963 Frame 409 (66 bytes on wire, 66 bytes captured) Arrival Time: Nov 1, 2008 16:29:56.044178000 [Time delta from previous captured frame: 0.000091000 seconds] [Time delta from previous displayed frame: 0.000091000 seconds] [Time since reference or first frame: 8.647216000 seconds] Frame Number: 409 Frame Length: 66 bytes Capture Length: 66 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: Bad TCP] [Coloring Rule String: tcp.analysis.flags] Ethernet II, Src: Intel_d6:44:84 (00:18:de:d6:44:84), Dst: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Destination: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 172.28.186.27 (172.28.186.27), Dst: 208.117.224.240 (208.117.224.240) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 52 Identification: 0x58a0 (22688) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (0x06) Header checksum: 0x8a85 [correct] [Good: True] [Bad : False] Source: 172.28.186.27 (172.28.186.27) Destination: 208.117.224.240 (208.117.224.240) Transmission Control Protocol, Src Port: aspen-services (1749), Dst Port: http (80), Seq: 3089, Ack: 45055, Len: 0 Source port: aspen-services (1749) Destination port: http (80) Sequence number: 3089 (relative sequence number) Acknowledgement number: 45055 (relative ack number) Header length: 32 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 183960 (scaled) Checksum: 0xae8c [correct] [Good Checksum: True] [Bad Checksum: False] Options: (12 bytes) NOP NOP SACK: 46503-47963 left edge = 46503 (relative) right edge = 47963 (relative) [SEQ/ACK analysis] [TCP Analysis Flags] [This is a TCP duplicate ack] [Duplicate ACK #: 1] [Duplicate to the ACK in frame: 407] No. Time Source Destination Protocol Info 445 9.430742 208.117.224.240 172.28.186.27 TCP [TCP Retransmission] [TCP segment of a reassembled PDU] Frame 445 (1514 bytes on wire, 1514 bytes captured) Arrival Time: Nov 1, 2008 16:29:56.827704000 [Time delta from previous captured frame: 0.040496000 seconds] [Time delta from previous displayed frame: 0.783526000 seconds] [Time since reference or first frame: 9.430742000 seconds] Frame Number: 445 Frame Length: 1514 bytes Capture Length: 1514 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: Bad TCP] [Coloring Rule String: tcp.analysis.flags] Ethernet II, Src: Intel_a6:a7:cb (00:02:b3:a6:a7:cb), Dst: Intel_d6:44:84 (00:18:de:d6:44:84) Destination: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 208.117.224.240 (208.117.224.240), Dst: 172.28.186.27 (172.28.186.27) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 1500 Identification: 0xbb09 (47881) Flags: 0x00 0... = Reserved bit: Not set .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 60 Protocol: TCP (0x06) Header checksum: 0xa674 [correct] [Good: True] [Bad : False] Source: 208.117.224.240 (208.117.224.240) Destination: 172.28.186.27 (172.28.186.27) Transmission Control Protocol, Src Port: http (80), Dst Port: aspen-services (1749), Seq: 45055, Ack: 3089, Len: 1460 Source port: http (80) Destination port: aspen-services (1749) Sequence number: 45055 (relative sequence number) [Next sequence number: 46515 (relative sequence number)] Acknowledgement number: 3089 (relative ack number) Header length: 20 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 16384 Checksum: 0xeae3 [correct] [Good Checksum: True] [Bad Checksum: False] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 409] [The RTT to ACK the segment was: 0.783526000 seconds] [TCP Analysis Flags] [This frame is a (suspected) retransmission] [The RTO for this segment was: 0.783617000 seconds] [RTO based on delta from frame: 408] TCP segment data (1460 bytes) No. Time Source Destination Protocol Info 446 9.430885 172.28.186.27 208.117.224.240 TCP aspen-services > http [ACK] Seq=3089 Ack=47963 Win=183960 Len=0 Frame 446 (54 bytes on wire, 54 bytes captured) Arrival Time: Nov 1, 2008 16:29:56.827847000 [Time delta from previous captured frame: 0.000143000 seconds] [Time delta from previous displayed frame: 0.000143000 seconds] [Time since reference or first frame: 9.430885000 seconds] Frame Number: 446 Frame Length: 54 bytes Capture Length: 54 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Intel_d6:44:84 (00:18:de:d6:44:84), Dst: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Destination: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 172.28.186.27 (172.28.186.27), Dst: 208.117.224.240 (208.117.224.240) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x58e4 (22756) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (0x06) Header checksum: 0x8a4d [correct] [Good: True] [Bad : False] Source: 172.28.186.27 (172.28.186.27) Destination: 208.117.224.240 (208.117.224.240) Transmission Control Protocol, Src Port: aspen-services (1749), Dst Port: http (80), Seq: 3089, Ack: 47963, Len: 0 Source port: aspen-services (1749) Destination port: http (80) Sequence number: 3089 (relative sequence number) Acknowledgement number: 47963 (relative ack number) Header length: 20 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 183960 (scaled) Checksum: 0xe61c [correct] [Good Checksum: True] [Bad Checksum: False] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 408] [The RTT to ACK the segment was: 0.783760000 seconds] No. Time Source Destination Protocol Info 449 9.441529 208.117.224.240 172.28.186.27 TCP [TCP segment of a reassembled PDU] Frame 449 (1514 bytes on wire, 1514 bytes captured) Arrival Time: Nov 1, 2008 16:29:56.838491000 [Time delta from previous captured frame: 0.005792000 seconds] [Time delta from previous displayed frame: 0.010644000 seconds] [Time since reference or first frame: 9.441529000 seconds] Frame Number: 449 Frame Length: 1514 bytes Capture Length: 1514 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Intel_a6:a7:cb (00:02:b3:a6:a7:cb), Dst: Intel_d6:44:84 (00:18:de:d6:44:84) Destination: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 208.117.224.240 (208.117.224.240), Dst: 172.28.186.27 (172.28.186.27) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 1500 Identification: 0xbc09 (48137) Flags: 0x00 0... = Reserved bit: Not set .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 60 Protocol: TCP (0x06) Header checksum: 0xa574 [correct] [Good: True] [Bad : False] Source: 208.117.224.240 (208.117.224.240) Destination: 172.28.186.27 (172.28.186.27) Transmission Control Protocol, Src Port: http (80), Dst Port: aspen-services (1749), Seq: 47963, Ack: 3089, Len: 1460 Source port: http (80) Destination port: aspen-services (1749) Sequence number: 47963 (relative sequence number) [Next sequence number: 49423 (relative sequence number)] Acknowledgement number: 3089 (relative ack number) Header length: 20 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 16384 Checksum: 0x8f00 [correct] [Good Checksum: True] [Bad Checksum: False] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 446] [The RTT to ACK the segment was: 0.010644000 seconds] TCP segment data (1460 bytes) No. Time Source Destination Protocol Info 450 9.441639 172.28.186.27 208.117.224.240 TCP aspen-services > http [ACK] Seq=3089 Ack=49423 Win=183960 Len=0 Frame 450 (54 bytes on wire, 54 bytes captured) Arrival Time: Nov 1, 2008 16:29:56.838601000 [Time delta from previous captured frame: 0.000110000 seconds] [Time delta from previous displayed frame: 0.000110000 seconds] [Time since reference or first frame: 9.441639000 seconds] Frame Number: 450 Frame Length: 54 bytes Capture Length: 54 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Intel_d6:44:84 (00:18:de:d6:44:84), Dst: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Destination: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 172.28.186.27 (172.28.186.27), Dst: 208.117.224.240 (208.117.224.240) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x58ea (22762) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (0x06) Header checksum: 0x8a47 [correct] [Good: True] [Bad : False] Source: 172.28.186.27 (172.28.186.27) Destination: 208.117.224.240 (208.117.224.240) Transmission Control Protocol, Src Port: aspen-services (1749), Dst Port: http (80), Seq: 3089, Ack: 49423, Len: 0 Source port: aspen-services (1749) Destination port: http (80) Sequence number: 3089 (relative sequence number) Acknowledgement number: 49423 (relative ack number) Header length: 20 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 183960 (scaled) Checksum: 0xe068 [correct] [Good Checksum: True] [Bad Checksum: False] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 449] [The RTT to ACK the segment was: 0.000110000 seconds] No. Time Source Destination Protocol Info 451 9.442063 208.117.224.240 172.28.186.27 TCP [TCP segment of a reassembled PDU] Frame 451 (1514 bytes on wire, 1514 bytes captured) Arrival Time: Nov 1, 2008 16:29:56.839025000 [Time delta from previous captured frame: 0.000424000 seconds] [Time delta from previous displayed frame: 0.000424000 seconds] [Time since reference or first frame: 9.442063000 seconds] Frame Number: 451 Frame Length: 1514 bytes Capture Length: 1514 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Intel_a6:a7:cb (00:02:b3:a6:a7:cb), Dst: Intel_d6:44:84 (00:18:de:d6:44:84) Destination: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 208.117.224.240 (208.117.224.240), Dst: 172.28.186.27 (172.28.186.27) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 1500 Identification: 0xbd09 (48393) Flags: 0x00 0... = Reserved bit: Not set .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 60 Protocol: TCP (0x06) Header checksum: 0xa474 [correct] [Good: True] [Bad : False] Source: 208.117.224.240 (208.117.224.240) Destination: 172.28.186.27 (172.28.186.27) Transmission Control Protocol, Src Port: http (80), Dst Port: aspen-services (1749), Seq: 49423, Ack: 3089, Len: 1460 Source port: http (80) Destination port: aspen-services (1749) Sequence number: 49423 (relative sequence number) [Next sequence number: 50883 (relative sequence number)] Acknowledgement number: 3089 (relative ack number) Header length: 20 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 16384 Checksum: 0x1135 [correct] [Good Checksum: True] [Bad Checksum: False] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 450] [The RTT to ACK the segment was: 0.000424000 seconds] TCP segment data (1460 bytes) No. Time Source Destination Protocol Info 452 9.454823 208.117.224.240 172.28.186.27 TCP [TCP Previous segment lost] [TCP segment of a reassembled PDU] Frame 452 (1514 bytes on wire, 1514 bytes captured) Arrival Time: Nov 1, 2008 16:29:56.851785000 [Time delta from previous captured frame: 0.012760000 seconds] [Time delta from previous displayed frame: 0.012760000 seconds] [Time since reference or first frame: 9.454823000 seconds] Frame Number: 452 Frame Length: 1514 bytes Capture Length: 1514 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: Bad TCP] [Coloring Rule String: tcp.analysis.flags] Ethernet II, Src: Intel_a6:a7:cb (00:02:b3:a6:a7:cb), Dst: Intel_d6:44:84 (00:18:de:d6:44:84) Destination: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 208.117.224.240 (208.117.224.240), Dst: 172.28.186.27 (172.28.186.27) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 1500 Identification: 0xbf09 (48905) Flags: 0x00 0... = Reserved bit: Not set .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 60 Protocol: TCP (0x06) Header checksum: 0xa274 [correct] [Good: True] [Bad : False] Source: 208.117.224.240 (208.117.224.240) Destination: 172.28.186.27 (172.28.186.27) Transmission Control Protocol, Src Port: http (80), Dst Port: aspen-services (1749), Seq: 52343, Ack: 3089, Len: 1460 Source port: http (80) Destination port: aspen-services (1749) Sequence number: 52343 (relative sequence number) [Next sequence number: 53803 (relative sequence number)] Acknowledgement number: 3089 (relative ack number) Header length: 20 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 16384 Checksum: 0x4268 [correct] [Good Checksum: True] [Bad Checksum: False] [SEQ/ACK analysis] [TCP Analysis Flags] [A segment before this frame was lost] TCP segment data (1460 bytes) No. Time Source Destination Protocol Info 453 9.454913 172.28.186.27 208.117.224.240 TCP aspen-services > http [ACK] Seq=3089 Ack=50883 Win=183960 Len=0 SLE=52343 SRE=53803 Frame 453 (66 bytes on wire, 66 bytes captured) Arrival Time: Nov 1, 2008 16:29:56.851875000 [Time delta from previous captured frame: 0.000090000 seconds] [Time delta from previous displayed frame: 0.000090000 seconds] [Time since reference or first frame: 9.454913000 seconds] Frame Number: 453 Frame Length: 66 bytes Capture Length: 66 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Intel_d6:44:84 (00:18:de:d6:44:84), Dst: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Destination: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 172.28.186.27 (172.28.186.27), Dst: 208.117.224.240 (208.117.224.240) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 52 Identification: 0x58f1 (22769) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (0x06) Header checksum: 0x8a34 [correct] [Good: True] [Bad : False] Source: 172.28.186.27 (172.28.186.27) Destination: 208.117.224.240 (208.117.224.240) Transmission Control Protocol, Src Port: aspen-services (1749), Dst Port: http (80), Seq: 3089, Ack: 50883, Len: 0 Source port: aspen-services (1749) Destination port: http (80) Sequence number: 3089 (relative sequence number) Acknowledgement number: 50883 (relative ack number) Header length: 32 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 183960 (scaled) Checksum: 0x6a28 [correct] [Good Checksum: True] [Bad Checksum: False] Options: (12 bytes) NOP NOP SACK: 52343-53803 left edge = 52343 (relative) right edge = 53803 (relative) No. Time Source Destination Protocol Info 454 9.469708 208.117.224.240 172.28.186.27 TCP [TCP segment of a reassembled PDU] Frame 454 (1514 bytes on wire, 1514 bytes captured) Arrival Time: Nov 1, 2008 16:29:56.866670000 [Time delta from previous captured frame: 0.014795000 seconds] [Time delta from previous displayed frame: 0.014795000 seconds] [Time since reference or first frame: 9.469708000 seconds] Frame Number: 454 Frame Length: 1514 bytes Capture Length: 1514 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Intel_a6:a7:cb (00:02:b3:a6:a7:cb), Dst: Intel_d6:44:84 (00:18:de:d6:44:84) Destination: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 208.117.224.240 (208.117.224.240), Dst: 172.28.186.27 (172.28.186.27) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 1500 Identification: 0xc009 (49161) Flags: 0x00 0... = Reserved bit: Not set .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 60 Protocol: TCP (0x06) Header checksum: 0xa174 [correct] [Good: True] [Bad : False] Source: 208.117.224.240 (208.117.224.240) Destination: 172.28.186.27 (172.28.186.27) Transmission Control Protocol, Src Port: http (80), Dst Port: aspen-services (1749), Seq: 53803, Ack: 3089, Len: 1460 Source port: http (80) Destination port: aspen-services (1749) Sequence number: 53803 (relative sequence number) [Next sequence number: 55263 (relative sequence number)] Acknowledgement number: 3089 (relative ack number) Header length: 20 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 16384 Checksum: 0x2190 [correct] [Good Checksum: True] [Bad Checksum: False] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 453] [The RTT to ACK the segment was: 0.014795000 seconds] TCP segment data (1460 bytes) No. Time Source Destination Protocol Info 455 9.469796 172.28.186.27 208.117.224.240 TCP [TCP Dup ACK 453#1] aspen-services > http [ACK] Seq=3089 Ack=50883 Win=183960 Len=0 SLE=52343 SRE=55263 Frame 455 (66 bytes on wire, 66 bytes captured) Arrival Time: Nov 1, 2008 16:29:56.866758000 [Time delta from previous captured frame: 0.000088000 seconds] [Time delta from previous displayed frame: 0.000088000 seconds] [Time since reference or first frame: 9.469796000 seconds] Frame Number: 455 Frame Length: 66 bytes Capture Length: 66 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: Bad TCP] [Coloring Rule String: tcp.analysis.flags] Ethernet II, Src: Intel_d6:44:84 (00:18:de:d6:44:84), Dst: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Destination: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 172.28.186.27 (172.28.186.27), Dst: 208.117.224.240 (208.117.224.240) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 52 Identification: 0x58f2 (22770) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (0x06) Header checksum: 0x8a33 [correct] [Good: True] [Bad : False] Source: 172.28.186.27 (172.28.186.27) Destination: 208.117.224.240 (208.117.224.240) Transmission Control Protocol, Src Port: aspen-services (1749), Dst Port: http (80), Seq: 3089, Ack: 50883, Len: 0 Source port: aspen-services (1749) Destination port: http (80) Sequence number: 3089 (relative sequence number) Acknowledgement number: 50883 (relative ack number) Header length: 32 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 183960 (scaled) Checksum: 0x6474 [correct] [Good Checksum: True] [Bad Checksum: False] Options: (12 bytes) NOP NOP SACK: 52343-55263 left edge = 52343 (relative) right edge = 55263 (relative) [SEQ/ACK analysis] [TCP Analysis Flags] [This is a TCP duplicate ack] [Duplicate ACK #: 1] [Duplicate to the ACK in frame: 453] No. Time Source Destination Protocol Info 457 9.872139 208.117.224.240 172.28.186.27 TCP [TCP Retransmission] [TCP segment of a reassembled PDU] Frame 457 (1514 bytes on wire, 1514 bytes captured) Arrival Time: Nov 1, 2008 16:29:57.269101000 [Time delta from previous captured frame: 0.238836000 seconds] [Time delta from previous displayed frame: 0.402343000 seconds] [Time since reference or first frame: 9.872139000 seconds] Frame Number: 457 Frame Length: 1514 bytes Capture Length: 1514 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: Bad TCP] [Coloring Rule String: tcp.analysis.flags] Ethernet II, Src: Intel_a6:a7:cb (00:02:b3:a6:a7:cb), Dst: Intel_d6:44:84 (00:18:de:d6:44:84) Destination: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 208.117.224.240 (208.117.224.240), Dst: 172.28.186.27 (172.28.186.27) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 1500 Identification: 0xc809 (51209) Flags: 0x00 0... = Reserved bit: Not set .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 60 Protocol: TCP (0x06) Header checksum: 0x9974 [correct] [Good: True] [Bad : False] Source: 208.117.224.240 (208.117.224.240) Destination: 172.28.186.27 (172.28.186.27) Transmission Control Protocol, Src Port: http (80), Dst Port: aspen-services (1749), Seq: 50883, Ack: 3089, Len: 1460 Source port: http (80) Destination port: aspen-services (1749) Sequence number: 50883 (relative sequence number) [Next sequence number: 52343 (relative sequence number)] Acknowledgement number: 3089 (relative ack number) Header length: 20 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 16384 Checksum: 0x07d8 [correct] [Good Checksum: True] [Bad Checksum: False] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 455] [The RTT to ACK the segment was: 0.402343000 seconds] [TCP Analysis Flags] [This frame is a (suspected) retransmission] [The RTO for this segment was: 0.402431000 seconds] [RTO based on delta from frame: 454] TCP segment data (1460 bytes) No. Time Source Destination Protocol Info 458 9.872298 172.28.186.27 208.117.224.240 TCP aspen-services > http [ACK] Seq=3089 Ack=55263 Win=183960 Len=0 Frame 458 (54 bytes on wire, 54 bytes captured) Arrival Time: Nov 1, 2008 16:29:57.269260000 [Time delta from previous captured frame: 0.000159000 seconds] [Time delta from previous displayed frame: 0.000159000 seconds] [Time since reference or first frame: 9.872298000 seconds] Frame Number: 458 Frame Length: 54 bytes Capture Length: 54 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Intel_d6:44:84 (00:18:de:d6:44:84), Dst: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Destination: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 172.28.186.27 (172.28.186.27), Dst: 208.117.224.240 (208.117.224.240) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x58f5 (22773) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (0x06) Header checksum: 0x8a3c [correct] [Good: True] [Bad : False] Source: 172.28.186.27 (172.28.186.27) Destination: 208.117.224.240 (208.117.224.240) Transmission Control Protocol, Src Port: aspen-services (1749), Dst Port: http (80), Seq: 3089, Ack: 55263, Len: 0 Source port: aspen-services (1749) Destination port: http (80) Sequence number: 3089 (relative sequence number) Acknowledgement number: 55263 (relative ack number) Header length: 20 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 183960 (scaled) Checksum: 0xc998 [correct] [Good Checksum: True] [Bad Checksum: False] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 454] [The RTT to ACK the segment was: 0.402590000 seconds] No. Time Source Destination Protocol Info 459 9.895225 208.117.224.240 172.28.186.27 TCP [TCP segment of a reassembled PDU] Frame 459 (1514 bytes on wire, 1514 bytes captured) Arrival Time: Nov 1, 2008 16:29:57.292187000 [Time delta from previous captured frame: 0.022927000 seconds] [Time delta from previous displayed frame: 0.022927000 seconds] [Time since reference or first frame: 9.895225000 seconds] Frame Number: 459 Frame Length: 1514 bytes Capture Length: 1514 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Intel_a6:a7:cb (00:02:b3:a6:a7:cb), Dst: Intel_d6:44:84 (00:18:de:d6:44:84) Destination: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 208.117.224.240 (208.117.224.240), Dst: 172.28.186.27 (172.28.186.27) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 1500 Identification: 0xc909 (51465) Flags: 0x00 0... = Reserved bit: Not set .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 60 Protocol: TCP (0x06) Header checksum: 0x9874 [correct] [Good: True] [Bad : False] Source: 208.117.224.240 (208.117.224.240) Destination: 172.28.186.27 (172.28.186.27) Transmission Control Protocol, Src Port: http (80), Dst Port: aspen-services (1749), Seq: 55263, Ack: 3089, Len: 1460 Source port: http (80) Destination port: aspen-services (1749) Sequence number: 55263 (relative sequence number) [Next sequence number: 56723 (relative sequence number)] Acknowledgement number: 3089 (relative ack number) Header length: 20 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 16384 Checksum: 0xbc1f [correct] [Good Checksum: True] [Bad Checksum: False] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 458] [The RTT to ACK the segment was: 0.022927000 seconds] TCP segment data (1460 bytes) No. Time Source Destination Protocol Info 460 10.035651 172.28.186.27 208.117.224.240 TCP aspen-services > http [ACK] Seq=3089 Ack=56723 Win=183960 Len=0 Frame 460 (54 bytes on wire, 54 bytes captured) Arrival Time: Nov 1, 2008 16:29:57.432613000 [Time delta from previous captured frame: 0.140426000 seconds] [Time delta from previous displayed frame: 0.140426000 seconds] [Time since reference or first frame: 10.035651000 seconds] Frame Number: 460 Frame Length: 54 bytes Capture Length: 54 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Intel_d6:44:84 (00:18:de:d6:44:84), Dst: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Destination: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 172.28.186.27 (172.28.186.27), Dst: 208.117.224.240 (208.117.224.240) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x58fc (22780) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (0x06) Header checksum: 0x8a35 [correct] [Good: True] [Bad : False] Source: 172.28.186.27 (172.28.186.27) Destination: 208.117.224.240 (208.117.224.240) Transmission Control Protocol, Src Port: aspen-services (1749), Dst Port: http (80), Seq: 3089, Ack: 56723, Len: 0 Source port: aspen-services (1749) Destination port: http (80) Sequence number: 3089 (relative sequence number) Acknowledgement number: 56723 (relative ack number) Header length: 20 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 183960 (scaled) Checksum: 0xc3e4 [correct] [Good Checksum: True] [Bad Checksum: False] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 459] [The RTT to ACK the segment was: 0.140426000 seconds] No. Time Source Destination Protocol Info 461 10.040271 208.117.224.240 172.28.186.27 TCP [TCP Previous segment lost] [TCP segment of a reassembled PDU] Frame 461 (1514 bytes on wire, 1514 bytes captured) Arrival Time: Nov 1, 2008 16:29:57.437233000 [Time delta from previous captured frame: 0.004620000 seconds] [Time delta from previous displayed frame: 0.004620000 seconds] [Time since reference or first frame: 10.040271000 seconds] Frame Number: 461 Frame Length: 1514 bytes Capture Length: 1514 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: Bad TCP] [Coloring Rule String: tcp.analysis.flags] Ethernet II, Src: Intel_a6:a7:cb (00:02:b3:a6:a7:cb), Dst: Intel_d6:44:84 (00:18:de:d6:44:84) Destination: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 208.117.224.240 (208.117.224.240), Dst: 172.28.186.27 (172.28.186.27) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 1500 Identification: 0xd109 (53513) Flags: 0x00 0... = Reserved bit: Not set .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 60 Protocol: TCP (0x06) Header checksum: 0x9074 [correct] [Good: True] [Bad : False] Source: 208.117.224.240 (208.117.224.240) Destination: 172.28.186.27 (172.28.186.27) Transmission Control Protocol, Src Port: http (80), Dst Port: aspen-services (1749), Seq: 58183, Ack: 3089, Len: 1460 Source port: http (80) Destination port: aspen-services (1749) Sequence number: 58183 (relative sequence number) [Next sequence number: 59643 (relative sequence number)] Acknowledgement number: 3089 (relative ack number) Header length: 20 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 16384 Checksum: 0x8a71 [correct] [Good Checksum: True] [Bad Checksum: False] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 460] [The RTT to ACK the segment was: 0.004620000 seconds] [TCP Analysis Flags] [A segment before this frame was lost] TCP segment data (1460 bytes) No. Time Source Destination Protocol Info 462 10.040340 172.28.186.27 208.117.224.240 TCP [TCP Dup ACK 460#1] aspen-services > http [ACK] Seq=3089 Ack=56723 Win=183960 Len=0 SLE=58183 SRE=59643 Frame 462 (66 bytes on wire, 66 bytes captured) Arrival Time: Nov 1, 2008 16:29:57.437302000 [Time delta from previous captured frame: 0.000069000 seconds] [Time delta from previous displayed frame: 0.000069000 seconds] [Time since reference or first frame: 10.040340000 seconds] Frame Number: 462 Frame Length: 66 bytes Capture Length: 66 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: Bad TCP] [Coloring Rule String: tcp.analysis.flags] Ethernet II, Src: Intel_d6:44:84 (00:18:de:d6:44:84), Dst: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Destination: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 172.28.186.27 (172.28.186.27), Dst: 208.117.224.240 (208.117.224.240) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 52 Identification: 0x58fd (22781) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (0x06) Header checksum: 0x8a28 [correct] [Good: True] [Bad : False] Source: 172.28.186.27 (172.28.186.27) Destination: 208.117.224.240 (208.117.224.240) Transmission Control Protocol, Src Port: aspen-services (1749), Dst Port: http (80), Seq: 3089, Ack: 56723, Len: 0 Source port: aspen-services (1749) Destination port: http (80) Sequence number: 3089 (relative sequence number) Acknowledgement number: 56723 (relative ack number) Header length: 32 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 183960 (scaled) Checksum: 0x25b8 [correct] [Good Checksum: True] [Bad Checksum: False] Options: (12 bytes) NOP NOP SACK: 58183-59643 left edge = 58183 (relative) right edge = 59643 (relative) [SEQ/ACK analysis] [TCP Analysis Flags] [This is a TCP duplicate ack] [Duplicate ACK #: 1] [Duplicate to the ACK in frame: 460] No. Time Source Destination Protocol Info 463 10.042743 208.117.224.240 172.28.186.27 TCP [TCP segment of a reassembled PDU] Frame 463 (1514 bytes on wire, 1514 bytes captured) Arrival Time: Nov 1, 2008 16:29:57.439705000 [Time delta from previous captured frame: 0.002403000 seconds] [Time delta from previous displayed frame: 0.002403000 seconds] [Time since reference or first frame: 10.042743000 seconds] Frame Number: 463 Frame Length: 1514 bytes Capture Length: 1514 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Intel_a6:a7:cb (00:02:b3:a6:a7:cb), Dst: Intel_d6:44:84 (00:18:de:d6:44:84) Destination: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 208.117.224.240 (208.117.224.240), Dst: 172.28.186.27 (172.28.186.27) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 1500 Identification: 0xd209 (53769) Flags: 0x00 0... = Reserved bit: Not set .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 60 Protocol: TCP (0x06) Header checksum: 0x8f74 [correct] [Good: True] [Bad : False] Source: 208.117.224.240 (208.117.224.240) Destination: 172.28.186.27 (172.28.186.27) Transmission Control Protocol, Src Port: http (80), Dst Port: aspen-services (1749), Seq: 59643, Ack: 3089, Len: 1460 Source port: http (80) Destination port: aspen-services (1749) Sequence number: 59643 (relative sequence number) [Next sequence number: 61103 (relative sequence number)] Acknowledgement number: 3089 (relative ack number) Header length: 20 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 16384 Checksum: 0x7fc4 [correct] [Good Checksum: True] [Bad Checksum: False] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 462] [The RTT to ACK the segment was: 0.002403000 seconds] TCP segment data (1460 bytes) No. Time Source Destination Protocol Info 464 10.042790 172.28.186.27 208.117.224.240 TCP [TCP Dup ACK 460#2] aspen-services > http [ACK] Seq=3089 Ack=56723 Win=183960 Len=0 SLE=58183 SRE=61103 Frame 464 (66 bytes on wire, 66 bytes captured) Arrival Time: Nov 1, 2008 16:29:57.439752000 [Time delta from previous captured frame: 0.000047000 seconds] [Time delta from previous displayed frame: 0.000047000 seconds] [Time since reference or first frame: 10.042790000 seconds] Frame Number: 464 Frame Length: 66 bytes Capture Length: 66 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: Bad TCP] [Coloring Rule String: tcp.analysis.flags] Ethernet II, Src: Intel_d6:44:84 (00:18:de:d6:44:84), Dst: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Destination: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 172.28.186.27 (172.28.186.27), Dst: 208.117.224.240 (208.117.224.240) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 52 Identification: 0x58fe (22782) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (0x06) Header checksum: 0x8a27 [correct] [Good: True] [Bad : False] Source: 172.28.186.27 (172.28.186.27) Destination: 208.117.224.240 (208.117.224.240) Transmission Control Protocol, Src Port: aspen-services (1749), Dst Port: http (80), Seq: 3089, Ack: 56723, Len: 0 Source port: aspen-services (1749) Destination port: http (80) Sequence number: 3089 (relative sequence number) Acknowledgement number: 56723 (relative ack number) Header length: 32 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 183960 (scaled) Checksum: 0x2004 [correct] [Good Checksum: True] [Bad Checksum: False] Options: (12 bytes) NOP NOP SACK: 58183-61103 left edge = 58183 (relative) right edge = 61103 (relative) [SEQ/ACK analysis] [TCP Analysis Flags] [This is a TCP duplicate ack] [Duplicate ACK #: 2] [Duplicate to the ACK in frame: 460] No. Time Source Destination Protocol Info 465 10.437528 208.117.224.240 172.28.186.27 TCP [TCP Retransmission] [TCP segment of a reassembled PDU] Frame 465 (1514 bytes on wire, 1514 bytes captured) Arrival Time: Nov 1, 2008 16:29:57.834490000 [Time delta from previous captured frame: 0.394738000 seconds] [Time delta from previous displayed frame: 0.394738000 seconds] [Time since reference or first frame: 10.437528000 seconds] Frame Number: 465 Frame Length: 1514 bytes Capture Length: 1514 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: Bad TCP] [Coloring Rule String: tcp.analysis.flags] Ethernet II, Src: Intel_a6:a7:cb (00:02:b3:a6:a7:cb), Dst: Intel_d6:44:84 (00:18:de:d6:44:84) Destination: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 208.117.224.240 (208.117.224.240), Dst: 172.28.186.27 (172.28.186.27) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 1500 Identification: 0xdb09 (56073) Flags: 0x00 0... = Reserved bit: Not set .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 60 Protocol: TCP (0x06) Header checksum: 0x8674 [correct] [Good: True] [Bad : False] Source: 208.117.224.240 (208.117.224.240) Destination: 172.28.186.27 (172.28.186.27) Transmission Control Protocol, Src Port: http (80), Dst Port: aspen-services (1749), Seq: 56723, Ack: 3089, Len: 1460 Source port: http (80) Destination port: aspen-services (1749) Sequence number: 56723 (relative sequence number) [Next sequence number: 58183 (relative sequence number)] Acknowledgement number: 3089 (relative ack number) Header length: 20 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 16384 Checksum: 0x150e [correct] [Good Checksum: True] [Bad Checksum: False] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 464] [The RTT to ACK the segment was: 0.394738000 seconds] [TCP Analysis Flags] [This frame is a (suspected) retransmission] [The RTO for this segment was: 0.394785000 seconds] [RTO based on delta from frame: 463] TCP segment data (1460 bytes) No. Time Source Destination Protocol Info 466 10.437697 172.28.186.27 208.117.224.240 TCP aspen-services > http [ACK] Seq=3089 Ack=61103 Win=183960 Len=0 Frame 466 (54 bytes on wire, 54 bytes captured) Arrival Time: Nov 1, 2008 16:29:57.834659000 [Time delta from previous captured frame: 0.000169000 seconds] [Time delta from previous displayed frame: 0.000169000 seconds] [Time since reference or first frame: 10.437697000 seconds] Frame Number: 466 Frame Length: 54 bytes Capture Length: 54 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Intel_d6:44:84 (00:18:de:d6:44:84), Dst: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Destination: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 172.28.186.27 (172.28.186.27), Dst: 208.117.224.240 (208.117.224.240) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x58ff (22783) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (0x06) Header checksum: 0x8a32 [correct] [Good: True] [Bad : False] Source: 172.28.186.27 (172.28.186.27) Destination: 208.117.224.240 (208.117.224.240) Transmission Control Protocol, Src Port: aspen-services (1749), Dst Port: http (80), Seq: 3089, Ack: 61103, Len: 0 Source port: aspen-services (1749) Destination port: http (80) Sequence number: 3089 (relative sequence number) Acknowledgement number: 61103 (relative ack number) Header length: 20 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 183960 (scaled) Checksum: 0xb2c8 [correct] [Good Checksum: True] [Bad Checksum: False] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 463] [The RTT to ACK the segment was: 0.394954000 seconds] No. Time Source Destination Protocol Info 467 10.442382 208.117.224.240 172.28.186.27 TCP [TCP segment of a reassembled PDU] Frame 467 (1514 bytes on wire, 1514 bytes captured) Arrival Time: Nov 1, 2008 16:29:57.839344000 [Time delta from previous captured frame: 0.004685000 seconds] [Time delta from previous displayed frame: 0.004685000 seconds] [Time since reference or first frame: 10.442382000 seconds] Frame Number: 467 Frame Length: 1514 bytes Capture Length: 1514 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Intel_a6:a7:cb (00:02:b3:a6:a7:cb), Dst: Intel_d6:44:84 (00:18:de:d6:44:84) Destination: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 208.117.224.240 (208.117.224.240), Dst: 172.28.186.27 (172.28.186.27) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 1500 Identification: 0xdc09 (56329) Flags: 0x00 0... = Reserved bit: Not set .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 60 Protocol: TCP (0x06) Header checksum: 0x8574 [correct] [Good: True] [Bad : False] Source: 208.117.224.240 (208.117.224.240) Destination: 172.28.186.27 (172.28.186.27) Transmission Control Protocol, Src Port: http (80), Dst Port: aspen-services (1749), Seq: 61103, Ack: 3089, Len: 1460 Source port: http (80) Destination port: aspen-services (1749) Sequence number: 61103 (relative sequence number) [Next sequence number: 62563 (relative sequence number)] Acknowledgement number: 3089 (relative ack number) Header length: 20 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 16384 Checksum: 0x3da1 [correct] [Good Checksum: True] [Bad Checksum: False] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 466] [The RTT to ACK the segment was: 0.004685000 seconds] TCP segment data (1460 bytes) No. Time Source Destination Protocol Info 468 10.639135 172.28.186.27 208.117.224.240 TCP aspen-services > http [ACK] Seq=3089 Ack=62563 Win=183960 Len=0 Frame 468 (54 bytes on wire, 54 bytes captured) Arrival Time: Nov 1, 2008 16:29:58.036097000 [Time delta from previous captured frame: 0.196753000 seconds] [Time delta from previous displayed frame: 0.196753000 seconds] [Time since reference or first frame: 10.639135000 seconds] Frame Number: 468 Frame Length: 54 bytes Capture Length: 54 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Intel_d6:44:84 (00:18:de:d6:44:84), Dst: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Destination: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 172.28.186.27 (172.28.186.27), Dst: 208.117.224.240 (208.117.224.240) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x5906 (22790) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (0x06) Header checksum: 0x8a2b [correct] [Good: True] [Bad : False] Source: 172.28.186.27 (172.28.186.27) Destination: 208.117.224.240 (208.117.224.240) Transmission Control Protocol, Src Port: aspen-services (1749), Dst Port: http (80), Seq: 3089, Ack: 62563, Len: 0 Source port: aspen-services (1749) Destination port: http (80) Sequence number: 3089 (relative sequence number) Acknowledgement number: 62563 (relative ack number) Header length: 20 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 183960 (scaled) Checksum: 0xad14 [correct] [Good Checksum: True] [Bad Checksum: False] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 467] [The RTT to ACK the segment was: 0.196753000 seconds] No. Time Source Destination Protocol Info 469 10.649404 208.117.224.240 172.28.186.27 TCP [TCP Previous segment lost] [TCP segment of a reassembled PDU] Frame 469 (1514 bytes on wire, 1514 bytes captured) Arrival Time: Nov 1, 2008 16:29:58.046366000 [Time delta from previous captured frame: 0.010269000 seconds] [Time delta from previous displayed frame: 0.010269000 seconds] [Time since reference or first frame: 10.649404000 seconds] Frame Number: 469 Frame Length: 1514 bytes Capture Length: 1514 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: Bad TCP] [Coloring Rule String: tcp.analysis.flags] Ethernet II, Src: Intel_a6:a7:cb (00:02:b3:a6:a7:cb), Dst: Intel_d6:44:84 (00:18:de:d6:44:84) Destination: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 208.117.224.240 (208.117.224.240), Dst: 172.28.186.27 (172.28.186.27) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 1500 Identification: 0xe009 (57353) Flags: 0x00 0... = Reserved bit: Not set .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 60 Protocol: TCP (0x06) Header checksum: 0x8174 [correct] [Good: True] [Bad : False] Source: 208.117.224.240 (208.117.224.240) Destination: 172.28.186.27 (172.28.186.27) Transmission Control Protocol, Src Port: http (80), Dst Port: aspen-services (1749), Seq: 64023, Ack: 3089, Len: 1460 Source port: http (80) Destination port: aspen-services (1749) Sequence number: 64023 (relative sequence number) [Next sequence number: 65483 (relative sequence number)] Acknowledgement number: 3089 (relative ack number) Header length: 20 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 16384 Checksum: 0x9837 [correct] [Good Checksum: True] [Bad Checksum: False] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 468] [The RTT to ACK the segment was: 0.010269000 seconds] [TCP Analysis Flags] [A segment before this frame was lost] TCP segment data (1460 bytes) No. Time Source Destination Protocol Info 470 10.649480 172.28.186.27 208.117.224.240 TCP [TCP Dup ACK 468#1] aspen-services > http [ACK] Seq=3089 Ack=62563 Win=183960 Len=0 SLE=64023 SRE=65483 Frame 470 (66 bytes on wire, 66 bytes captured) Arrival Time: Nov 1, 2008 16:29:58.046442000 [Time delta from previous captured frame: 0.000076000 seconds] [Time delta from previous displayed frame: 0.000076000 seconds] [Time since reference or first frame: 10.649480000 seconds] Frame Number: 470 Frame Length: 66 bytes Capture Length: 66 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: Bad TCP] [Coloring Rule String: tcp.analysis.flags] Ethernet II, Src: Intel_d6:44:84 (00:18:de:d6:44:84), Dst: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Destination: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 172.28.186.27 (172.28.186.27), Dst: 208.117.224.240 (208.117.224.240) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 52 Identification: 0x5907 (22791) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (0x06) Header checksum: 0x8a1e [correct] [Good: True] [Bad : False] Source: 172.28.186.27 (172.28.186.27) Destination: 208.117.224.240 (208.117.224.240) Transmission Control Protocol, Src Port: aspen-services (1749), Dst Port: http (80), Seq: 3089, Ack: 62563, Len: 0 Source port: aspen-services (1749) Destination port: http (80) Sequence number: 3089 (relative sequence number) Acknowledgement number: 62563 (relative ack number) Header length: 32 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 183960 (scaled) Checksum: 0xe147 [correct] [Good Checksum: True] [Bad Checksum: False] Options: (12 bytes) NOP NOP SACK: 64023-65483 left edge = 64023 (relative) right edge = 65483 (relative) [SEQ/ACK analysis] [TCP Analysis Flags] [This is a TCP duplicate ack] [Duplicate ACK #: 1] [Duplicate to the ACK in frame: 468] No. Time Source Destination Protocol Info 471 10.649915 208.117.224.240 172.28.186.27 TCP [TCP segment of a reassembled PDU] Frame 471 (1514 bytes on wire, 1514 bytes captured) Arrival Time: Nov 1, 2008 16:29:58.046877000 [Time delta from previous captured frame: 0.000435000 seconds] [Time delta from previous displayed frame: 0.000435000 seconds] [Time since reference or first frame: 10.649915000 seconds] Frame Number: 471 Frame Length: 1514 bytes Capture Length: 1514 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Intel_a6:a7:cb (00:02:b3:a6:a7:cb), Dst: Intel_d6:44:84 (00:18:de:d6:44:84) Destination: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 208.117.224.240 (208.117.224.240), Dst: 172.28.186.27 (172.28.186.27) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 1500 Identification: 0xe109 (57609) Flags: 0x00 0... = Reserved bit: Not set .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 60 Protocol: TCP (0x06) Header checksum: 0x8074 [correct] [Good: True] [Bad : False] Source: 208.117.224.240 (208.117.224.240) Destination: 172.28.186.27 (172.28.186.27) Transmission Control Protocol, Src Port: http (80), Dst Port: aspen-services (1749), Seq: 65483, Ack: 3089, Len: 1460 Source port: http (80) Destination port: aspen-services (1749) Sequence number: 65483 (relative sequence number) [Next sequence number: 66943 (relative sequence number)] Acknowledgement number: 3089 (relative ack number) Header length: 20 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 16384 Checksum: 0xd383 [correct] [Good Checksum: True] [Bad Checksum: False] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 470] [The RTT to ACK the segment was: 0.000435000 seconds] TCP segment data (1460 bytes) No. Time Source Destination Protocol Info 472 10.649960 172.28.186.27 208.117.224.240 TCP [TCP Dup ACK 468#2] aspen-services > http [ACK] Seq=3089 Ack=62563 Win=183960 Len=0 SLE=64023 SRE=66943 Frame 472 (66 bytes on wire, 66 bytes captured) Arrival Time: Nov 1, 2008 16:29:58.046922000 [Time delta from previous captured frame: 0.000045000 seconds] [Time delta from previous displayed frame: 0.000045000 seconds] [Time since reference or first frame: 10.649960000 seconds] Frame Number: 472 Frame Length: 66 bytes Capture Length: 66 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: Bad TCP] [Coloring Rule String: tcp.analysis.flags] Ethernet II, Src: Intel_d6:44:84 (00:18:de:d6:44:84), Dst: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Destination: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 172.28.186.27 (172.28.186.27), Dst: 208.117.224.240 (208.117.224.240) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 52 Identification: 0x5908 (22792) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (0x06) Header checksum: 0x8a1d [correct] [Good: True] [Bad : False] Source: 172.28.186.27 (172.28.186.27) Destination: 208.117.224.240 (208.117.224.240) Transmission Control Protocol, Src Port: aspen-services (1749), Dst Port: http (80), Seq: 3089, Ack: 62563, Len: 0 Source port: aspen-services (1749) Destination port: http (80) Sequence number: 3089 (relative sequence number) Acknowledgement number: 62563 (relative ack number) Header length: 32 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 183960 (scaled) Checksum: 0xdb93 [correct] [Good Checksum: True] [Bad Checksum: False] Options: (12 bytes) NOP NOP SACK: 64023-66943 left edge = 64023 (relative) right edge = 66943 (relative) [SEQ/ACK analysis] [TCP Analysis Flags] [This is a TCP duplicate ack] [Duplicate ACK #: 2] [Duplicate to the ACK in frame: 468] No. Time Source Destination Protocol Info 473 11.096406 208.117.224.240 172.28.186.27 TCP [TCP Retransmission] [TCP segment of a reassembled PDU] Frame 473 (1514 bytes on wire, 1514 bytes captured) Arrival Time: Nov 1, 2008 16:29:58.493368000 [Time delta from previous captured frame: 0.446446000 seconds] [Time delta from previous displayed frame: 0.446446000 seconds] [Time since reference or first frame: 11.096406000 seconds] Frame Number: 473 Frame Length: 1514 bytes Capture Length: 1514 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: Bad TCP] [Coloring Rule String: tcp.analysis.flags] Ethernet II, Src: Intel_a6:a7:cb (00:02:b3:a6:a7:cb), Dst: Intel_d6:44:84 (00:18:de:d6:44:84) Destination: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 208.117.224.240 (208.117.224.240), Dst: 172.28.186.27 (172.28.186.27) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 1500 Identification: 0xe409 (58377) Flags: 0x00 0... = Reserved bit: Not set .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 60 Protocol: TCP (0x06) Header checksum: 0x7d74 [correct] [Good: True] [Bad : False] Source: 208.117.224.240 (208.117.224.240) Destination: 172.28.186.27 (172.28.186.27) Transmission Control Protocol, Src Port: http (80), Dst Port: aspen-services (1749), Seq: 62563, Ack: 3089, Len: 1460 Source port: http (80) Destination port: aspen-services (1749) Sequence number: 62563 (relative sequence number) [Next sequence number: 64023 (relative sequence number)] Acknowledgement number: 3089 (relative ack number) Header length: 20 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 16384 Checksum: 0xf727 [correct] [Good Checksum: True] [Bad Checksum: False] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 472] [The RTT to ACK the segment was: 0.446446000 seconds] [TCP Analysis Flags] [This frame is a (suspected) retransmission] [The RTO for this segment was: 0.446491000 seconds] [RTO based on delta from frame: 471] TCP segment data (1460 bytes) No. Time Source Destination Protocol Info 474 11.096533 172.28.186.27 208.117.224.240 TCP aspen-services > http [ACK] Seq=3089 Ack=66943 Win=183960 Len=0 Frame 474 (54 bytes on wire, 54 bytes captured) Arrival Time: Nov 1, 2008 16:29:58.493495000 [Time delta from previous captured frame: 0.000127000 seconds] [Time delta from previous displayed frame: 0.000127000 seconds] [Time since reference or first frame: 11.096533000 seconds] Frame Number: 474 Frame Length: 54 bytes Capture Length: 54 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Intel_d6:44:84 (00:18:de:d6:44:84), Dst: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Destination: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 172.28.186.27 (172.28.186.27), Dst: 208.117.224.240 (208.117.224.240) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x5909 (22793) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (0x06) Header checksum: 0x8a28 [correct] [Good: True] [Bad : False] Source: 172.28.186.27 (172.28.186.27) Destination: 208.117.224.240 (208.117.224.240) Transmission Control Protocol, Src Port: aspen-services (1749), Dst Port: http (80), Seq: 3089, Ack: 66943, Len: 0 Source port: aspen-services (1749) Destination port: http (80) Sequence number: 3089 (relative sequence number) Acknowledgement number: 66943 (relative ack number) Header length: 20 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 183960 (scaled) Checksum: 0x9bf8 [correct] [Good Checksum: True] [Bad Checksum: False] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 471] [The RTT to ACK the segment was: 0.446618000 seconds] No. Time Source Destination Protocol Info 475 11.108783 208.117.224.240 172.28.186.27 TCP [TCP segment of a reassembled PDU] Frame 475 (1514 bytes on wire, 1514 bytes captured) Arrival Time: Nov 1, 2008 16:29:58.505745000 [Time delta from previous captured frame: 0.012250000 seconds] [Time delta from previous displayed frame: 0.012250000 seconds] [Time since reference or first frame: 11.108783000 seconds] Frame Number: 475 Frame Length: 1514 bytes Capture Length: 1514 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Intel_a6:a7:cb (00:02:b3:a6:a7:cb), Dst: Intel_d6:44:84 (00:18:de:d6:44:84) Destination: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 208.117.224.240 (208.117.224.240), Dst: 172.28.186.27 (172.28.186.27) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 1500 Identification: 0xe509 (58633) Flags: 0x00 0... = Reserved bit: Not set .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 60 Protocol: TCP (0x06) Header checksum: 0x7c74 [correct] [Good: True] [Bad : False] Source: 208.117.224.240 (208.117.224.240) Destination: 172.28.186.27 (172.28.186.27) Transmission Control Protocol, Src Port: http (80), Dst Port: aspen-services (1749), Seq: 66943, Ack: 3089, Len: 1460 Source port: http (80) Destination port: aspen-services (1749) Sequence number: 66943 (relative sequence number) [Next sequence number: 68403 (relative sequence number)] Acknowledgement number: 3089 (relative ack number) Header length: 20 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 16384 Checksum: 0x420c [correct] [Good Checksum: True] [Bad Checksum: False] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 474] [The RTT to ACK the segment was: 0.012250000 seconds] TCP segment data (1460 bytes) No. Time Source Destination Protocol Info 476 11.109214 208.117.224.240 172.28.186.27 TCP [TCP segment of a reassembled PDU] Frame 476 (1514 bytes on wire, 1514 bytes captured) Arrival Time: Nov 1, 2008 16:29:58.506176000 [Time delta from previous captured frame: 0.000431000 seconds] [Time delta from previous displayed frame: 0.000431000 seconds] [Time since reference or first frame: 11.109214000 seconds] Frame Number: 476 Frame Length: 1514 bytes Capture Length: 1514 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Intel_a6:a7:cb (00:02:b3:a6:a7:cb), Dst: Intel_d6:44:84 (00:18:de:d6:44:84) Destination: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 208.117.224.240 (208.117.224.240), Dst: 172.28.186.27 (172.28.186.27) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 1500 Identification: 0xe609 (58889) Flags: 0x00 0... = Reserved bit: Not set .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 60 Protocol: TCP (0x06) Header checksum: 0x7b74 [correct] [Good: True] [Bad : False] Source: 208.117.224.240 (208.117.224.240) Destination: 172.28.186.27 (172.28.186.27) Transmission Control Protocol, Src Port: http (80), Dst Port: aspen-services (1749), Seq: 68403, Ack: 3089, Len: 1460 Source port: http (80) Destination port: aspen-services (1749) Sequence number: 68403 (relative sequence number) [Next sequence number: 69863 (relative sequence number)] Acknowledgement number: 3089 (relative ack number) Header length: 20 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 16384 Checksum: 0xdc48 [correct] [Good Checksum: True] [Bad Checksum: False] TCP segment data (1460 bytes) No. Time Source Destination Protocol Info 477 11.109256 172.28.186.27 208.117.224.240 TCP aspen-services > http [ACK] Seq=3089 Ack=69863 Win=183960 Len=0 Frame 477 (54 bytes on wire, 54 bytes captured) Arrival Time: Nov 1, 2008 16:29:58.506218000 [Time delta from previous captured frame: 0.000042000 seconds] [Time delta from previous displayed frame: 0.000042000 seconds] [Time since reference or first frame: 11.109256000 seconds] Frame Number: 477 Frame Length: 54 bytes Capture Length: 54 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Intel_d6:44:84 (00:18:de:d6:44:84), Dst: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Destination: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 172.28.186.27 (172.28.186.27), Dst: 208.117.224.240 (208.117.224.240) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x5910 (22800) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (0x06) Header checksum: 0x8a21 [correct] [Good: True] [Bad : False] Source: 172.28.186.27 (172.28.186.27) Destination: 208.117.224.240 (208.117.224.240) Transmission Control Protocol, Src Port: aspen-services (1749), Dst Port: http (80), Seq: 3089, Ack: 69863, Len: 0 Source port: aspen-services (1749) Destination port: http (80) Sequence number: 3089 (relative sequence number) Acknowledgement number: 69863 (relative ack number) Header length: 20 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 183960 (scaled) Checksum: 0x9090 [correct] [Good Checksum: True] [Bad Checksum: False] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 476] [The RTT to ACK the segment was: 0.000042000 seconds] No. Time Source Destination Protocol Info 478 11.123005 208.117.224.240 172.28.186.27 TCP [TCP segment of a reassembled PDU] Frame 478 (1514 bytes on wire, 1514 bytes captured) Arrival Time: Nov 1, 2008 16:29:58.519967000 [Time delta from previous captured frame: 0.013749000 seconds] [Time delta from previous displayed frame: 0.013749000 seconds] [Time since reference or first frame: 11.123005000 seconds] Frame Number: 478 Frame Length: 1514 bytes Capture Length: 1514 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Intel_a6:a7:cb (00:02:b3:a6:a7:cb), Dst: Intel_d6:44:84 (00:18:de:d6:44:84) Destination: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 208.117.224.240 (208.117.224.240), Dst: 172.28.186.27 (172.28.186.27) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 1500 Identification: 0xe709 (59145) Flags: 0x00 0... = Reserved bit: Not set .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 60 Protocol: TCP (0x06) Header checksum: 0x7a74 [correct] [Good: True] [Bad : False] Source: 208.117.224.240 (208.117.224.240) Destination: 172.28.186.27 (172.28.186.27) Transmission Control Protocol, Src Port: http (80), Dst Port: aspen-services (1749), Seq: 69863, Ack: 3089, Len: 1460 Source port: http (80) Destination port: aspen-services (1749) Sequence number: 69863 (relative sequence number) [Next sequence number: 71323 (relative sequence number)] Acknowledgement number: 3089 (relative ack number) Header length: 20 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 16384 Checksum: 0xf2d8 [correct] [Good Checksum: True] [Bad Checksum: False] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 477] [The RTT to ACK the segment was: 0.013749000 seconds] TCP segment data (1460 bytes) No. Time Source Destination Protocol Info 479 11.123493 208.117.224.240 172.28.186.27 TCP [TCP Previous segment lost] [TCP segment of a reassembled PDU] Frame 479 (1514 bytes on wire, 1514 bytes captured) Arrival Time: Nov 1, 2008 16:29:58.520455000 [Time delta from previous captured frame: 0.000488000 seconds] [Time delta from previous displayed frame: 0.000488000 seconds] [Time since reference or first frame: 11.123493000 seconds] Frame Number: 479 Frame Length: 1514 bytes Capture Length: 1514 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: Bad TCP] [Coloring Rule String: tcp.analysis.flags] Ethernet II, Src: Intel_a6:a7:cb (00:02:b3:a6:a7:cb), Dst: Intel_d6:44:84 (00:18:de:d6:44:84) Destination: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 208.117.224.240 (208.117.224.240), Dst: 172.28.186.27 (172.28.186.27) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 1500 Identification: 0xe909 (59657) Flags: 0x00 0... = Reserved bit: Not set .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 60 Protocol: TCP (0x06) Header checksum: 0x7874 [correct] [Good: True] [Bad : False] Source: 208.117.224.240 (208.117.224.240) Destination: 172.28.186.27 (172.28.186.27) Transmission Control Protocol, Src Port: http (80), Dst Port: aspen-services (1749), Seq: 72783, Ack: 3089, Len: 1460 Source port: http (80) Destination port: aspen-services (1749) Sequence number: 72783 (relative sequence number) [Next sequence number: 74243 (relative sequence number)] Acknowledgement number: 3089 (relative ack number) Header length: 20 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 16384 Checksum: 0xe391 [correct] [Good Checksum: True] [Bad Checksum: False] [SEQ/ACK analysis] [TCP Analysis Flags] [A segment before this frame was lost] TCP segment data (1460 bytes) No. Time Source Destination Protocol Info 480 11.123526 172.28.186.27 208.117.224.240 TCP aspen-services > http [ACK] Seq=3089 Ack=71323 Win=183960 Len=0 SLE=72783 SRE=74243 Frame 480 (66 bytes on wire, 66 bytes captured) Arrival Time: Nov 1, 2008 16:29:58.520488000 [Time delta from previous captured frame: 0.000033000 seconds] [Time delta from previous displayed frame: 0.000033000 seconds] [Time since reference or first frame: 11.123526000 seconds] Frame Number: 480 Frame Length: 66 bytes Capture Length: 66 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Intel_d6:44:84 (00:18:de:d6:44:84), Dst: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Destination: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 172.28.186.27 (172.28.186.27), Dst: 208.117.224.240 (208.117.224.240) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 52 Identification: 0x5915 (22805) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (0x06) Header checksum: 0x8a10 [correct] [Good: True] [Bad : False] Source: 172.28.186.27 (172.28.186.27) Destination: 208.117.224.240 (208.117.224.240) Transmission Control Protocol, Src Port: aspen-services (1749), Dst Port: http (80), Seq: 3089, Ack: 71323, Len: 0 Source port: aspen-services (1749) Destination port: http (80) Sequence number: 3089 (relative sequence number) Acknowledgement number: 71323 (relative ack number) Header length: 32 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 183960 (scaled) Checksum: 0x7a9f [correct] [Good Checksum: True] [Bad Checksum: False] Options: (12 bytes) NOP NOP SACK: 72783-74243 left edge = 72783 (relative) right edge = 74243 (relative) No. Time Source Destination Protocol Info 481 11.147476 208.117.224.240 172.28.186.27 TCP [TCP segment of a reassembled PDU] Frame 481 (1514 bytes on wire, 1514 bytes captured) Arrival Time: Nov 1, 2008 16:29:58.544438000 [Time delta from previous captured frame: 0.023950000 seconds] [Time delta from previous displayed frame: 0.023950000 seconds] [Time since reference or first frame: 11.147476000 seconds] Frame Number: 481 Frame Length: 1514 bytes Capture Length: 1514 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Intel_a6:a7:cb (00:02:b3:a6:a7:cb), Dst: Intel_d6:44:84 (00:18:de:d6:44:84) Destination: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 208.117.224.240 (208.117.224.240), Dst: 172.28.186.27 (172.28.186.27) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 1500 Identification: 0xea09 (59913) Flags: 0x00 0... = Reserved bit: Not set .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 60 Protocol: TCP (0x06) Header checksum: 0x7774 [correct] [Good: True] [Bad : False] Source: 208.117.224.240 (208.117.224.240) Destination: 172.28.186.27 (172.28.186.27) Transmission Control Protocol, Src Port: http (80), Dst Port: aspen-services (1749), Seq: 74243, Ack: 3089, Len: 1460 Source port: http (80) Destination port: aspen-services (1749) Sequence number: 74243 (relative sequence number) [Next sequence number: 75703 (relative sequence number)] Acknowledgement number: 3089 (relative ack number) Header length: 20 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 16384 Checksum: 0x08b5 [correct] [Good Checksum: True] [Bad Checksum: False] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 480] [The RTT to ACK the segment was: 0.023950000 seconds] TCP segment data (1460 bytes) No. Time Source Destination Protocol Info 482 11.147627 172.28.186.27 208.117.224.240 TCP [TCP Dup ACK 480#1] aspen-services > http [ACK] Seq=3089 Ack=71323 Win=183960 Len=0 SLE=72783 SRE=75703 Frame 482 (66 bytes on wire, 66 bytes captured) Arrival Time: Nov 1, 2008 16:29:58.544589000 [Time delta from previous captured frame: 0.000151000 seconds] [Time delta from previous displayed frame: 0.000151000 seconds] [Time since reference or first frame: 11.147627000 seconds] Frame Number: 482 Frame Length: 66 bytes Capture Length: 66 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: Bad TCP] [Coloring Rule String: tcp.analysis.flags] Ethernet II, Src: Intel_d6:44:84 (00:18:de:d6:44:84), Dst: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Destination: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 172.28.186.27 (172.28.186.27), Dst: 208.117.224.240 (208.117.224.240) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 52 Identification: 0x5916 (22806) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (0x06) Header checksum: 0x8a0f [correct] [Good: True] [Bad : False] Source: 172.28.186.27 (172.28.186.27) Destination: 208.117.224.240 (208.117.224.240) Transmission Control Protocol, Src Port: aspen-services (1749), Dst Port: http (80), Seq: 3089, Ack: 71323, Len: 0 Source port: aspen-services (1749) Destination port: http (80) Sequence number: 3089 (relative sequence number) Acknowledgement number: 71323 (relative ack number) Header length: 32 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 183960 (scaled) Checksum: 0x74eb [correct] [Good Checksum: True] [Bad Checksum: False] Options: (12 bytes) NOP NOP SACK: 72783-75703 left edge = 72783 (relative) right edge = 75703 (relative) [SEQ/ACK analysis] [TCP Analysis Flags] [This is a TCP duplicate ack] [Duplicate ACK #: 1] [Duplicate to the ACK in frame: 480] No. Time Source Destination Protocol Info 483 11.549233 208.117.224.240 172.28.186.27 TCP [TCP Retransmission] [TCP segment of a reassembled PDU] Frame 483 (1514 bytes on wire, 1514 bytes captured) Arrival Time: Nov 1, 2008 16:29:58.946195000 [Time delta from previous captured frame: 0.401606000 seconds] [Time delta from previous displayed frame: 0.401606000 seconds] [Time since reference or first frame: 11.549233000 seconds] Frame Number: 483 Frame Length: 1514 bytes Capture Length: 1514 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: Bad TCP] [Coloring Rule String: tcp.analysis.flags] Ethernet II, Src: Intel_a6:a7:cb (00:02:b3:a6:a7:cb), Dst: Intel_d6:44:84 (00:18:de:d6:44:84) Destination: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 208.117.224.240 (208.117.224.240), Dst: 172.28.186.27 (172.28.186.27) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 1500 Identification: 0xec09 (60425) Flags: 0x00 0... = Reserved bit: Not set .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 60 Protocol: TCP (0x06) Header checksum: 0x7574 [correct] [Good: True] [Bad : False] Source: 208.117.224.240 (208.117.224.240) Destination: 172.28.186.27 (172.28.186.27) Transmission Control Protocol, Src Port: http (80), Dst Port: aspen-services (1749), Seq: 71323, Ack: 3089, Len: 1460 Source port: http (80) Destination port: aspen-services (1749) Sequence number: 71323 (relative sequence number) [Next sequence number: 72783 (relative sequence number)] Acknowledgement number: 3089 (relative ack number) Header length: 20 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 16384 Checksum: 0x2897 [correct] [Good Checksum: True] [Bad Checksum: False] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 482] [The RTT to ACK the segment was: 0.401606000 seconds] [TCP Analysis Flags] [This frame is a (suspected) retransmission] [The RTO for this segment was: 0.401757000 seconds] [RTO based on delta from frame: 481] TCP segment data (1460 bytes) No. Time Source Destination Protocol Info 484 11.549348 172.28.186.27 208.117.224.240 TCP aspen-services > http [ACK] Seq=3089 Ack=75703 Win=183960 Len=0 Frame 484 (54 bytes on wire, 54 bytes captured) Arrival Time: Nov 1, 2008 16:29:58.946310000 [Time delta from previous captured frame: 0.000115000 seconds] [Time delta from previous displayed frame: 0.000115000 seconds] [Time since reference or first frame: 11.549348000 seconds] Frame Number: 484 Frame Length: 54 bytes Capture Length: 54 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Intel_d6:44:84 (00:18:de:d6:44:84), Dst: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Destination: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 172.28.186.27 (172.28.186.27), Dst: 208.117.224.240 (208.117.224.240) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x5918 (22808) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (0x06) Header checksum: 0x8a19 [correct] [Good: True] [Bad : False] Source: 172.28.186.27 (172.28.186.27) Destination: 208.117.224.240 (208.117.224.240) Transmission Control Protocol, Src Port: aspen-services (1749), Dst Port: http (80), Seq: 3089, Ack: 75703, Len: 0 Source port: aspen-services (1749) Destination port: http (80) Sequence number: 3089 (relative sequence number) Acknowledgement number: 75703 (relative ack number) Header length: 20 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 183960 (scaled) Checksum: 0x79c0 [correct] [Good Checksum: True] [Bad Checksum: False] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 481] [The RTT to ACK the segment was: 0.401872000 seconds] No. Time Source Destination Protocol Info 485 11.571829 208.117.224.240 172.28.186.27 TCP [TCP segment of a reassembled PDU] Frame 485 (1514 bytes on wire, 1514 bytes captured) Arrival Time: Nov 1, 2008 16:29:58.968791000 [Time delta from previous captured frame: 0.022481000 seconds] [Time delta from previous displayed frame: 0.022481000 seconds] [Time since reference or first frame: 11.571829000 seconds] Frame Number: 485 Frame Length: 1514 bytes Capture Length: 1514 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Intel_a6:a7:cb (00:02:b3:a6:a7:cb), Dst: Intel_d6:44:84 (00:18:de:d6:44:84) Destination: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 208.117.224.240 (208.117.224.240), Dst: 172.28.186.27 (172.28.186.27) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 1500 Identification: 0xed09 (60681) Flags: 0x00 0... = Reserved bit: Not set .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 60 Protocol: TCP (0x06) Header checksum: 0x7474 [correct] [Good: True] [Bad : False] Source: 208.117.224.240 (208.117.224.240) Destination: 172.28.186.27 (172.28.186.27) Transmission Control Protocol, Src Port: http (80), Dst Port: aspen-services (1749), Seq: 75703, Ack: 3089, Len: 1460 Source port: http (80) Destination port: aspen-services (1749) Sequence number: 75703 (relative sequence number) [Next sequence number: 77163 (relative sequence number)] Acknowledgement number: 3089 (relative ack number) Header length: 20 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 16384 Checksum: 0xbe61 [correct] [Good Checksum: True] [Bad Checksum: False] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 484] [The RTT to ACK the segment was: 0.022481000 seconds] TCP segment data (1460 bytes) No. Time Source Destination Protocol Info 486 11.745539 172.28.186.27 208.117.224.240 TCP aspen-services > http [ACK] Seq=3089 Ack=77163 Win=183960 Len=0 Frame 486 (54 bytes on wire, 54 bytes captured) Arrival Time: Nov 1, 2008 16:29:59.142501000 [Time delta from previous captured frame: 0.173710000 seconds] [Time delta from previous displayed frame: 0.173710000 seconds] [Time since reference or first frame: 11.745539000 seconds] Frame Number: 486 Frame Length: 54 bytes Capture Length: 54 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Intel_d6:44:84 (00:18:de:d6:44:84), Dst: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Destination: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 172.28.186.27 (172.28.186.27), Dst: 208.117.224.240 (208.117.224.240) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x591f (22815) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (0x06) Header checksum: 0x8a12 [correct] [Good: True] [Bad : False] Source: 172.28.186.27 (172.28.186.27) Destination: 208.117.224.240 (208.117.224.240) Transmission Control Protocol, Src Port: aspen-services (1749), Dst Port: http (80), Seq: 3089, Ack: 77163, Len: 0 Source port: aspen-services (1749) Destination port: http (80) Sequence number: 3089 (relative sequence number) Acknowledgement number: 77163 (relative ack number) Header length: 20 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 183960 (scaled) Checksum: 0x740c [correct] [Good Checksum: True] [Bad Checksum: False] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 485] [The RTT to ACK the segment was: 0.173710000 seconds] No. Time Source Destination Protocol Info 487 11.765359 208.117.224.240 172.28.186.27 TCP [TCP Previous segment lost] [TCP segment of a reassembled PDU] Frame 487 (1514 bytes on wire, 1514 bytes captured) Arrival Time: Nov 1, 2008 16:29:59.162321000 [Time delta from previous captured frame: 0.019820000 seconds] [Time delta from previous displayed frame: 0.019820000 seconds] [Time since reference or first frame: 11.765359000 seconds] Frame Number: 487 Frame Length: 1514 bytes Capture Length: 1514 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: Bad TCP] [Coloring Rule String: tcp.analysis.flags] Ethernet II, Src: Intel_a6:a7:cb (00:02:b3:a6:a7:cb), Dst: Intel_d6:44:84 (00:18:de:d6:44:84) Destination: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 208.117.224.240 (208.117.224.240), Dst: 172.28.186.27 (172.28.186.27) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 1500 Identification: 0xf009 (61449) Flags: 0x00 0... = Reserved bit: Not set .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 60 Protocol: TCP (0x06) Header checksum: 0x7174 [correct] [Good: True] [Bad : False] Source: 208.117.224.240 (208.117.224.240) Destination: 172.28.186.27 (172.28.186.27) Transmission Control Protocol, Src Port: http (80), Dst Port: aspen-services (1749), Seq: 78623, Ack: 3089, Len: 1460 Source port: http (80) Destination port: aspen-services (1749) Sequence number: 78623 (relative sequence number) [Next sequence number: 80083 (relative sequence number)] Acknowledgement number: 3089 (relative ack number) Header length: 20 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 16384 Checksum: 0x9c81 [correct] [Good Checksum: True] [Bad Checksum: False] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 486] [The RTT to ACK the segment was: 0.019820000 seconds] [TCP Analysis Flags] [A segment before this frame was lost] TCP segment data (1460 bytes) No. Time Source Destination Protocol Info 488 11.765441 172.28.186.27 208.117.224.240 TCP [TCP Dup ACK 486#1] aspen-services > http [ACK] Seq=3089 Ack=77163 Win=183960 Len=0 SLE=78623 SRE=80083 Frame 488 (66 bytes on wire, 66 bytes captured) Arrival Time: Nov 1, 2008 16:29:59.162403000 [Time delta from previous captured frame: 0.000082000 seconds] [Time delta from previous displayed frame: 0.000082000 seconds] [Time since reference or first frame: 11.765441000 seconds] Frame Number: 488 Frame Length: 66 bytes Capture Length: 66 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: Bad TCP] [Coloring Rule String: tcp.analysis.flags] Ethernet II, Src: Intel_d6:44:84 (00:18:de:d6:44:84), Dst: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Destination: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 172.28.186.27 (172.28.186.27), Dst: 208.117.224.240 (208.117.224.240) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 52 Identification: 0x5920 (22816) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (0x06) Header checksum: 0x8a05 [correct] [Good: True] [Bad : False] Source: 172.28.186.27 (172.28.186.27) Destination: 208.117.224.240 (208.117.224.240) Transmission Control Protocol, Src Port: aspen-services (1749), Dst Port: http (80), Seq: 3089, Ack: 77163, Len: 0 Source port: aspen-services (1749) Destination port: http (80) Sequence number: 3089 (relative sequence number) Acknowledgement number: 77163 (relative ack number) Header length: 32 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 183960 (scaled) Checksum: 0x362f [correct] [Good Checksum: True] [Bad Checksum: False] Options: (12 bytes) NOP NOP SACK: 78623-80083 left edge = 78623 (relative) right edge = 80083 (relative) [SEQ/ACK analysis] [TCP Analysis Flags] [This is a TCP duplicate ack] [Duplicate ACK #: 1] [Duplicate to the ACK in frame: 486] No. Time Source Destination Protocol Info 489 11.765790 208.117.224.240 172.28.186.27 TCP [TCP segment of a reassembled PDU] Frame 489 (1514 bytes on wire, 1514 bytes captured) Arrival Time: Nov 1, 2008 16:29:59.162752000 [Time delta from previous captured frame: 0.000349000 seconds] [Time delta from previous displayed frame: 0.000349000 seconds] [Time since reference or first frame: 11.765790000 seconds] Frame Number: 489 Frame Length: 1514 bytes Capture Length: 1514 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Intel_a6:a7:cb (00:02:b3:a6:a7:cb), Dst: Intel_d6:44:84 (00:18:de:d6:44:84) Destination: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 208.117.224.240 (208.117.224.240), Dst: 172.28.186.27 (172.28.186.27) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 1500 Identification: 0xf109 (61705) Flags: 0x00 0... = Reserved bit: Not set .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 60 Protocol: TCP (0x06) Header checksum: 0x7074 [correct] [Good: True] [Bad : False] Source: 208.117.224.240 (208.117.224.240) Destination: 172.28.186.27 (172.28.186.27) Transmission Control Protocol, Src Port: http (80), Dst Port: aspen-services (1749), Seq: 80083, Ack: 3089, Len: 1460 Source port: http (80) Destination port: aspen-services (1749) Sequence number: 80083 (relative sequence number) [Next sequence number: 81543 (relative sequence number)] Acknowledgement number: 3089 (relative ack number) Header length: 20 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 16384 Checksum: 0xbe16 [correct] [Good Checksum: True] [Bad Checksum: False] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 488] [The RTT to ACK the segment was: 0.000349000 seconds] TCP segment data (1460 bytes) No. Time Source Destination Protocol Info 490 11.765836 172.28.186.27 208.117.224.240 TCP [TCP Dup ACK 486#2] aspen-services > http [ACK] Seq=3089 Ack=77163 Win=183960 Len=0 SLE=78623 SRE=81543 Frame 490 (66 bytes on wire, 66 bytes captured) Arrival Time: Nov 1, 2008 16:29:59.162798000 [Time delta from previous captured frame: 0.000046000 seconds] [Time delta from previous displayed frame: 0.000046000 seconds] [Time since reference or first frame: 11.765836000 seconds] Frame Number: 490 Frame Length: 66 bytes Capture Length: 66 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: Bad TCP] [Coloring Rule String: tcp.analysis.flags] Ethernet II, Src: Intel_d6:44:84 (00:18:de:d6:44:84), Dst: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Destination: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 172.28.186.27 (172.28.186.27), Dst: 208.117.224.240 (208.117.224.240) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 52 Identification: 0x5921 (22817) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (0x06) Header checksum: 0x8a04 [correct] [Good: True] [Bad : False] Source: 172.28.186.27 (172.28.186.27) Destination: 208.117.224.240 (208.117.224.240) Transmission Control Protocol, Src Port: aspen-services (1749), Dst Port: http (80), Seq: 3089, Ack: 77163, Len: 0 Source port: aspen-services (1749) Destination port: http (80) Sequence number: 3089 (relative sequence number) Acknowledgement number: 77163 (relative ack number) Header length: 32 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 183960 (scaled) Checksum: 0x307b [correct] [Good Checksum: True] [Bad Checksum: False] Options: (12 bytes) NOP NOP SACK: 78623-81543 left edge = 78623 (relative) right edge = 81543 (relative) [SEQ/ACK analysis] [TCP Analysis Flags] [This is a TCP duplicate ack] [Duplicate ACK #: 2] [Duplicate to the ACK in frame: 486] No. Time Source Destination Protocol Info 491 12.202393 208.117.224.240 172.28.186.27 TCP [TCP Retransmission] [TCP segment of a reassembled PDU] Frame 491 (1514 bytes on wire, 1514 bytes captured) Arrival Time: Nov 1, 2008 16:29:59.599355000 [Time delta from previous captured frame: 0.436557000 seconds] [Time delta from previous displayed frame: 0.436557000 seconds] [Time since reference or first frame: 12.202393000 seconds] Frame Number: 491 Frame Length: 1514 bytes Capture Length: 1514 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: Bad TCP] [Coloring Rule String: tcp.analysis.flags] Ethernet II, Src: Intel_a6:a7:cb (00:02:b3:a6:a7:cb), Dst: Intel_d6:44:84 (00:18:de:d6:44:84) Destination: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 208.117.224.240 (208.117.224.240), Dst: 172.28.186.27 (172.28.186.27) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 1500 Identification: 0xfa09 (64009) Flags: 0x00 0... = Reserved bit: Not set .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 60 Protocol: TCP (0x06) Header checksum: 0x6774 [correct] [Good: True] [Bad : False] Source: 208.117.224.240 (208.117.224.240) Destination: 172.28.186.27 (172.28.186.27) Transmission Control Protocol, Src Port: http (80), Dst Port: aspen-services (1749), Seq: 77163, Ack: 3089, Len: 1460 Source port: http (80) Destination port: aspen-services (1749) Sequence number: 77163 (relative sequence number) [Next sequence number: 78623 (relative sequence number)] Acknowledgement number: 3089 (relative ack number) Header length: 20 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 16384 Checksum: 0xa3a0 [correct] [Good Checksum: True] [Bad Checksum: False] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 490] [The RTT to ACK the segment was: 0.436557000 seconds] [TCP Analysis Flags] [This frame is a (suspected) retransmission] [The RTO for this segment was: 0.436603000 seconds] [RTO based on delta from frame: 489] TCP segment data (1460 bytes) No. Time Source Destination Protocol Info 492 12.202545 172.28.186.27 208.117.224.240 TCP aspen-services > http [ACK] Seq=3089 Ack=81543 Win=183960 Len=0 Frame 492 (54 bytes on wire, 54 bytes captured) Arrival Time: Nov 1, 2008 16:29:59.599507000 [Time delta from previous captured frame: 0.000152000 seconds] [Time delta from previous displayed frame: 0.000152000 seconds] [Time since reference or first frame: 12.202545000 seconds] Frame Number: 492 Frame Length: 54 bytes Capture Length: 54 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Intel_d6:44:84 (00:18:de:d6:44:84), Dst: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Destination: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 172.28.186.27 (172.28.186.27), Dst: 208.117.224.240 (208.117.224.240) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x5922 (22818) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (0x06) Header checksum: 0x8a0f [correct] [Good: True] [Bad : False] Source: 172.28.186.27 (172.28.186.27) Destination: 208.117.224.240 (208.117.224.240) Transmission Control Protocol, Src Port: aspen-services (1749), Dst Port: http (80), Seq: 3089, Ack: 81543, Len: 0 Source port: aspen-services (1749) Destination port: http (80) Sequence number: 3089 (relative sequence number) Acknowledgement number: 81543 (relative ack number) Header length: 20 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 183960 (scaled) Checksum: 0x62f0 [correct] [Good Checksum: True] [Bad Checksum: False] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 489] [The RTT to ACK the segment was: 0.436755000 seconds] No. Time Source Destination Protocol Info 493 12.218683 208.117.224.240 172.28.186.27 TCP [TCP segment of a reassembled PDU] Frame 493 (1514 bytes on wire, 1514 bytes captured) Arrival Time: Nov 1, 2008 16:29:59.615645000 [Time delta from previous captured frame: 0.016138000 seconds] [Time delta from previous displayed frame: 0.016138000 seconds] [Time since reference or first frame: 12.218683000 seconds] Frame Number: 493 Frame Length: 1514 bytes Capture Length: 1514 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Intel_a6:a7:cb (00:02:b3:a6:a7:cb), Dst: Intel_d6:44:84 (00:18:de:d6:44:84) Destination: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 208.117.224.240 (208.117.224.240), Dst: 172.28.186.27 (172.28.186.27) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 1500 Identification: 0xfb09 (64265) Flags: 0x00 0... = Reserved bit: Not set .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 60 Protocol: TCP (0x06) Header checksum: 0x6674 [correct] [Good: True] [Bad : False] Source: 208.117.224.240 (208.117.224.240) Destination: 172.28.186.27 (172.28.186.27) Transmission Control Protocol, Src Port: http (80), Dst Port: aspen-services (1749), Seq: 81543, Ack: 3089, Len: 1460 Source port: http (80) Destination port: aspen-services (1749) Sequence number: 81543 (relative sequence number) [Next sequence number: 83003 (relative sequence number)] Acknowledgement number: 3089 (relative ack number) Header length: 20 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 16384 Checksum: 0x7c23 [correct] [Good Checksum: True] [Bad Checksum: False] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 492] [The RTT to ACK the segment was: 0.016138000 seconds] TCP segment data (1460 bytes) No. Time Source Destination Protocol Info 494 12.349027 172.28.186.27 208.117.224.240 TCP aspen-services > http [ACK] Seq=3089 Ack=83003 Win=183960 Len=0 Frame 494 (54 bytes on wire, 54 bytes captured) Arrival Time: Nov 1, 2008 16:29:59.745989000 [Time delta from previous captured frame: 0.130344000 seconds] [Time delta from previous displayed frame: 0.130344000 seconds] [Time since reference or first frame: 12.349027000 seconds] Frame Number: 494 Frame Length: 54 bytes Capture Length: 54 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Intel_d6:44:84 (00:18:de:d6:44:84), Dst: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Destination: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 172.28.186.27 (172.28.186.27), Dst: 208.117.224.240 (208.117.224.240) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x5929 (22825) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (0x06) Header checksum: 0x8a08 [correct] [Good: True] [Bad : False] Source: 172.28.186.27 (172.28.186.27) Destination: 208.117.224.240 (208.117.224.240) Transmission Control Protocol, Src Port: aspen-services (1749), Dst Port: http (80), Seq: 3089, Ack: 83003, Len: 0 Source port: aspen-services (1749) Destination port: http (80) Sequence number: 3089 (relative sequence number) Acknowledgement number: 83003 (relative ack number) Header length: 20 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 183960 (scaled) Checksum: 0x5d3c [correct] [Good Checksum: True] [Bad Checksum: False] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 493] [The RTT to ACK the segment was: 0.130344000 seconds] No. Time Source Destination Protocol Info 495 12.366870 208.117.224.240 172.28.186.27 TCP [TCP Previous segment lost] [TCP segment of a reassembled PDU] Frame 495 (1514 bytes on wire, 1514 bytes captured) Arrival Time: Nov 1, 2008 16:29:59.763832000 [Time delta from previous captured frame: 0.017843000 seconds] [Time delta from previous displayed frame: 0.017843000 seconds] [Time since reference or first frame: 12.366870000 seconds] Frame Number: 495 Frame Length: 1514 bytes Capture Length: 1514 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: Bad TCP] [Coloring Rule String: tcp.analysis.flags] Ethernet II, Src: Intel_a6:a7:cb (00:02:b3:a6:a7:cb), Dst: Intel_d6:44:84 (00:18:de:d6:44:84) Destination: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 208.117.224.240 (208.117.224.240), Dst: 172.28.186.27 (172.28.186.27) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 1500 Identification: 0x020a (522) Flags: 0x00 0... = Reserved bit: Not set .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 60 Protocol: TCP (0x06) Header checksum: 0x5f74 [correct] [Good: True] [Bad : False] Source: 208.117.224.240 (208.117.224.240) Destination: 172.28.186.27 (172.28.186.27) Transmission Control Protocol, Src Port: http (80), Dst Port: aspen-services (1749), Seq: 84463, Ack: 3089, Len: 1460 Source port: http (80) Destination port: aspen-services (1749) Sequence number: 84463 (relative sequence number) [Next sequence number: 85923 (relative sequence number)] Acknowledgement number: 3089 (relative ack number) Header length: 20 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 16384 Checksum: 0x0c4f [correct] [Good Checksum: True] [Bad Checksum: False] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 494] [The RTT to ACK the segment was: 0.017843000 seconds] [TCP Analysis Flags] [A segment before this frame was lost] TCP segment data (1460 bytes) No. Time Source Destination Protocol Info 496 12.366920 172.28.186.27 208.117.224.240 TCP [TCP Dup ACK 494#1] aspen-services > http [ACK] Seq=3089 Ack=83003 Win=183960 Len=0 SLE=84463 SRE=85923 Frame 496 (66 bytes on wire, 66 bytes captured) Arrival Time: Nov 1, 2008 16:29:59.763882000 [Time delta from previous captured frame: 0.000050000 seconds] [Time delta from previous displayed frame: 0.000050000 seconds] [Time since reference or first frame: 12.366920000 seconds] Frame Number: 496 Frame Length: 66 bytes Capture Length: 66 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: Bad TCP] [Coloring Rule String: tcp.analysis.flags] Ethernet II, Src: Intel_d6:44:84 (00:18:de:d6:44:84), Dst: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Destination: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 172.28.186.27 (172.28.186.27), Dst: 208.117.224.240 (208.117.224.240) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 52 Identification: 0x592a (22826) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (0x06) Header checksum: 0x89fb [correct] [Good: True] [Bad : False] Source: 172.28.186.27 (172.28.186.27) Destination: 208.117.224.240 (208.117.224.240) Transmission Control Protocol, Src Port: aspen-services (1749), Dst Port: http (80), Seq: 3089, Ack: 83003, Len: 0 Source port: aspen-services (1749) Destination port: http (80) Sequence number: 3089 (relative sequence number) Acknowledgement number: 83003 (relative ack number) Header length: 32 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 183960 (scaled) Checksum: 0xf1be [correct] [Good Checksum: True] [Bad Checksum: False] Options: (12 bytes) NOP NOP SACK: 84463-85923 left edge = 84463 (relative) right edge = 85923 (relative) [SEQ/ACK analysis] [TCP Analysis Flags] [This is a TCP duplicate ack] [Duplicate ACK #: 1] [Duplicate to the ACK in frame: 494] No. Time Source Destination Protocol Info 497 12.367923 208.117.224.240 172.28.186.27 TCP [TCP segment of a reassembled PDU] Frame 497 (1514 bytes on wire, 1514 bytes captured) Arrival Time: Nov 1, 2008 16:29:59.764885000 [Time delta from previous captured frame: 0.001003000 seconds] [Time delta from previous displayed frame: 0.001003000 seconds] [Time since reference or first frame: 12.367923000 seconds] Frame Number: 497 Frame Length: 1514 bytes Capture Length: 1514 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Intel_a6:a7:cb (00:02:b3:a6:a7:cb), Dst: Intel_d6:44:84 (00:18:de:d6:44:84) Destination: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 208.117.224.240 (208.117.224.240), Dst: 172.28.186.27 (172.28.186.27) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 1500 Identification: 0x030a (778) Flags: 0x00 0... = Reserved bit: Not set .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 60 Protocol: TCP (0x06) Header checksum: 0x5e74 [correct] [Good: True] [Bad : False] Source: 208.117.224.240 (208.117.224.240) Destination: 172.28.186.27 (172.28.186.27) Transmission Control Protocol, Src Port: http (80), Dst Port: aspen-services (1749), Seq: 85923, Ack: 3089, Len: 1460 Source port: http (80) Destination port: aspen-services (1749) Sequence number: 85923 (relative sequence number) [Next sequence number: 87383 (relative sequence number)] Acknowledgement number: 3089 (relative ack number) Header length: 20 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 16384 Checksum: 0x8885 [correct] [Good Checksum: True] [Bad Checksum: False] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 496] [The RTT to ACK the segment was: 0.001003000 seconds] TCP segment data (1460 bytes) No. Time Source Destination Protocol Info 498 12.367969 172.28.186.27 208.117.224.240 TCP [TCP Dup ACK 494#2] aspen-services > http [ACK] Seq=3089 Ack=83003 Win=183960 Len=0 SLE=84463 SRE=87383 Frame 498 (66 bytes on wire, 66 bytes captured) Arrival Time: Nov 1, 2008 16:29:59.764931000 [Time delta from previous captured frame: 0.000046000 seconds] [Time delta from previous displayed frame: 0.000046000 seconds] [Time since reference or first frame: 12.367969000 seconds] Frame Number: 498 Frame Length: 66 bytes Capture Length: 66 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: Bad TCP] [Coloring Rule String: tcp.analysis.flags] Ethernet II, Src: Intel_d6:44:84 (00:18:de:d6:44:84), Dst: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Destination: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 172.28.186.27 (172.28.186.27), Dst: 208.117.224.240 (208.117.224.240) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 52 Identification: 0x592b (22827) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (0x06) Header checksum: 0x89fa [correct] [Good: True] [Bad : False] Source: 172.28.186.27 (172.28.186.27) Destination: 208.117.224.240 (208.117.224.240) Transmission Control Protocol, Src Port: aspen-services (1749), Dst Port: http (80), Seq: 3089, Ack: 83003, Len: 0 Source port: aspen-services (1749) Destination port: http (80) Sequence number: 3089 (relative sequence number) Acknowledgement number: 83003 (relative ack number) Header length: 32 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 183960 (scaled) Checksum: 0xec0a [correct] [Good Checksum: True] [Bad Checksum: False] Options: (12 bytes) NOP NOP SACK: 84463-87383 left edge = 84463 (relative) right edge = 87383 (relative) [SEQ/ACK analysis] [TCP Analysis Flags] [This is a TCP duplicate ack] [Duplicate ACK #: 2] [Duplicate to the ACK in frame: 494] No. Time Source Destination Protocol Info 499 12.778566 208.117.224.240 172.28.186.27 TCP [TCP Retransmission] [TCP segment of a reassembled PDU] Frame 499 (1514 bytes on wire, 1514 bytes captured) Arrival Time: Nov 1, 2008 16:30:00.175528000 [Time delta from previous captured frame: 0.410597000 seconds] [Time delta from previous displayed frame: 0.410597000 seconds] [Time since reference or first frame: 12.778566000 seconds] Frame Number: 499 Frame Length: 1514 bytes Capture Length: 1514 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: Bad TCP] [Coloring Rule String: tcp.analysis.flags] Ethernet II, Src: Intel_a6:a7:cb (00:02:b3:a6:a7:cb), Dst: Intel_d6:44:84 (00:18:de:d6:44:84) Destination: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 208.117.224.240 (208.117.224.240), Dst: 172.28.186.27 (172.28.186.27) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 1500 Identification: 0x0e0a (3594) Flags: 0x00 0... = Reserved bit: Not set .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 60 Protocol: TCP (0x06) Header checksum: 0x5374 [correct] [Good: True] [Bad : False] Source: 208.117.224.240 (208.117.224.240) Destination: 172.28.186.27 (172.28.186.27) Transmission Control Protocol, Src Port: http (80), Dst Port: aspen-services (1749), Seq: 83003, Ack: 3089, Len: 1460 Source port: http (80) Destination port: aspen-services (1749) Sequence number: 83003 (relative sequence number) [Next sequence number: 84463 (relative sequence number)] Acknowledgement number: 3089 (relative ack number) Header length: 20 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 16384 Checksum: 0x91f7 [correct] [Good Checksum: True] [Bad Checksum: False] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 498] [The RTT to ACK the segment was: 0.410597000 seconds] [TCP Analysis Flags] [This frame is a (suspected) retransmission] [The RTO for this segment was: 0.410643000 seconds] [RTO based on delta from frame: 497] TCP segment data (1460 bytes) No. Time Source Destination Protocol Info 500 12.778715 172.28.186.27 208.117.224.240 TCP aspen-services > http [ACK] Seq=3089 Ack=87383 Win=183960 Len=0 Frame 500 (54 bytes on wire, 54 bytes captured) Arrival Time: Nov 1, 2008 16:30:00.175677000 [Time delta from previous captured frame: 0.000149000 seconds] [Time delta from previous displayed frame: 0.000149000 seconds] [Time since reference or first frame: 12.778715000 seconds] Frame Number: 500 Frame Length: 54 bytes Capture Length: 54 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Intel_d6:44:84 (00:18:de:d6:44:84), Dst: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Destination: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 172.28.186.27 (172.28.186.27), Dst: 208.117.224.240 (208.117.224.240) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x592c (22828) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (0x06) Header checksum: 0x8a05 [correct] [Good: True] [Bad : False] Source: 172.28.186.27 (172.28.186.27) Destination: 208.117.224.240 (208.117.224.240) Transmission Control Protocol, Src Port: aspen-services (1749), Dst Port: http (80), Seq: 3089, Ack: 87383, Len: 0 Source port: aspen-services (1749) Destination port: http (80) Sequence number: 3089 (relative sequence number) Acknowledgement number: 87383 (relative ack number) Header length: 20 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 183960 (scaled) Checksum: 0x4c20 [correct] [Good Checksum: True] [Bad Checksum: False] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 497] [The RTT to ACK the segment was: 0.410792000 seconds] No. Time Source Destination Protocol Info 501 12.784167 208.117.224.240 172.28.186.27 TCP [TCP segment of a reassembled PDU] Frame 501 (1514 bytes on wire, 1514 bytes captured) Arrival Time: Nov 1, 2008 16:30:00.181129000 [Time delta from previous captured frame: 0.005452000 seconds] [Time delta from previous displayed frame: 0.005452000 seconds] [Time since reference or first frame: 12.784167000 seconds] Frame Number: 501 Frame Length: 1514 bytes Capture Length: 1514 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Intel_a6:a7:cb (00:02:b3:a6:a7:cb), Dst: Intel_d6:44:84 (00:18:de:d6:44:84) Destination: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 208.117.224.240 (208.117.224.240), Dst: 172.28.186.27 (172.28.186.27) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 1500 Identification: 0x0f0a (3850) Flags: 0x00 0... = Reserved bit: Not set .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 60 Protocol: TCP (0x06) Header checksum: 0x5274 [correct] [Good: True] [Bad : False] Source: 208.117.224.240 (208.117.224.240) Destination: 172.28.186.27 (172.28.186.27) Transmission Control Protocol, Src Port: http (80), Dst Port: aspen-services (1749), Seq: 87383, Ack: 3089, Len: 1460 Source port: http (80) Destination port: aspen-services (1749) Sequence number: 87383 (relative sequence number) [Next sequence number: 88843 (relative sequence number)] Acknowledgement number: 3089 (relative ack number) Header length: 20 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 16384 Checksum: 0xf48f [correct] [Good Checksum: True] [Bad Checksum: False] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 500] [The RTT to ACK the segment was: 0.005452000 seconds] TCP segment data (1460 bytes) No. Time Source Destination Protocol Info 502 12.785743 208.117.224.240 172.28.186.27 TCP [TCP segment of a reassembled PDU] Frame 502 (1514 bytes on wire, 1514 bytes captured) Arrival Time: Nov 1, 2008 16:30:00.182705000 [Time delta from previous captured frame: 0.001576000 seconds] [Time delta from previous displayed frame: 0.001576000 seconds] [Time since reference or first frame: 12.785743000 seconds] Frame Number: 502 Frame Length: 1514 bytes Capture Length: 1514 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Intel_a6:a7:cb (00:02:b3:a6:a7:cb), Dst: Intel_d6:44:84 (00:18:de:d6:44:84) Destination: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 208.117.224.240 (208.117.224.240), Dst: 172.28.186.27 (172.28.186.27) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 1500 Identification: 0x100a (4106) Flags: 0x00 0... = Reserved bit: Not set .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 60 Protocol: TCP (0x06) Header checksum: 0x5174 [correct] [Good: True] [Bad : False] Source: 208.117.224.240 (208.117.224.240) Destination: 172.28.186.27 (172.28.186.27) Transmission Control Protocol, Src Port: http (80), Dst Port: aspen-services (1749), Seq: 88843, Ack: 3089, Len: 1460 Source port: http (80) Destination port: aspen-services (1749) Sequence number: 88843 (relative sequence number) [Next sequence number: 90303 (relative sequence number)] Acknowledgement number: 3089 (relative ack number) Header length: 20 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 16384 Checksum: 0xb33f [correct] [Good Checksum: True] [Bad Checksum: False] TCP segment data (1460 bytes) No. Time Source Destination Protocol Info 503 12.785805 172.28.186.27 208.117.224.240 TCP aspen-services > http [ACK] Seq=3089 Ack=90303 Win=183960 Len=0 Frame 503 (54 bytes on wire, 54 bytes captured) Arrival Time: Nov 1, 2008 16:30:00.182767000 [Time delta from previous captured frame: 0.000062000 seconds] [Time delta from previous displayed frame: 0.000062000 seconds] [Time since reference or first frame: 12.785805000 seconds] Frame Number: 503 Frame Length: 54 bytes Capture Length: 54 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Intel_d6:44:84 (00:18:de:d6:44:84), Dst: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Destination: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 172.28.186.27 (172.28.186.27), Dst: 208.117.224.240 (208.117.224.240) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x5933 (22835) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (0x06) Header checksum: 0x89fe [correct] [Good: True] [Bad : False] Source: 172.28.186.27 (172.28.186.27) Destination: 208.117.224.240 (208.117.224.240) Transmission Control Protocol, Src Port: aspen-services (1749), Dst Port: http (80), Seq: 3089, Ack: 90303, Len: 0 Source port: aspen-services (1749) Destination port: http (80) Sequence number: 3089 (relative sequence number) Acknowledgement number: 90303 (relative ack number) Header length: 20 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 183960 (scaled) Checksum: 0x40b8 [correct] [Good Checksum: True] [Bad Checksum: False] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 502] [The RTT to ACK the segment was: 0.000062000 seconds] No. Time Source Destination Protocol Info 504 12.802026 208.117.224.240 172.28.186.27 TCP [TCP segment of a reassembled PDU] Frame 504 (1514 bytes on wire, 1514 bytes captured) Arrival Time: Nov 1, 2008 16:30:00.198988000 [Time delta from previous captured frame: 0.016221000 seconds] [Time delta from previous displayed frame: 0.016221000 seconds] [Time since reference or first frame: 12.802026000 seconds] Frame Number: 504 Frame Length: 1514 bytes Capture Length: 1514 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Intel_a6:a7:cb (00:02:b3:a6:a7:cb), Dst: Intel_d6:44:84 (00:18:de:d6:44:84) Destination: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 208.117.224.240 (208.117.224.240), Dst: 172.28.186.27 (172.28.186.27) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 1500 Identification: 0x110a (4362) Flags: 0x00 0... = Reserved bit: Not set .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 60 Protocol: TCP (0x06) Header checksum: 0x5074 [correct] [Good: True] [Bad : False] Source: 208.117.224.240 (208.117.224.240) Destination: 172.28.186.27 (172.28.186.27) Transmission Control Protocol, Src Port: http (80), Dst Port: aspen-services (1749), Seq: 90303, Ack: 3089, Len: 1460 Source port: http (80) Destination port: aspen-services (1749) Sequence number: 90303 (relative sequence number) [Next sequence number: 91763 (relative sequence number)] Acknowledgement number: 3089 (relative ack number) Header length: 20 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 16384 Checksum: 0xb4aa [correct] [Good Checksum: True] [Bad Checksum: False] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 503] [The RTT to ACK the segment was: 0.016221000 seconds] TCP segment data (1460 bytes) No. Time Source Destination Protocol Info 505 12.802570 208.117.224.240 172.28.186.27 TCP [TCP segment of a reassembled PDU] Frame 505 (1514 bytes on wire, 1514 bytes captured) Arrival Time: Nov 1, 2008 16:30:00.199532000 [Time delta from previous captured frame: 0.000544000 seconds] [Time delta from previous displayed frame: 0.000544000 seconds] [Time since reference or first frame: 12.802570000 seconds] Frame Number: 505 Frame Length: 1514 bytes Capture Length: 1514 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Intel_a6:a7:cb (00:02:b3:a6:a7:cb), Dst: Intel_d6:44:84 (00:18:de:d6:44:84) Destination: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 208.117.224.240 (208.117.224.240), Dst: 172.28.186.27 (172.28.186.27) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 1500 Identification: 0x120a (4618) Flags: 0x00 0... = Reserved bit: Not set .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 60 Protocol: TCP (0x06) Header checksum: 0x4f74 [correct] [Good: True] [Bad : False] Source: 208.117.224.240 (208.117.224.240) Destination: 172.28.186.27 (172.28.186.27) Transmission Control Protocol, Src Port: http (80), Dst Port: aspen-services (1749), Seq: 91763, Ack: 3089, Len: 1460 Source port: http (80) Destination port: aspen-services (1749) Sequence number: 91763 (relative sequence number) [Next sequence number: 93223 (relative sequence number)] Acknowledgement number: 3089 (relative ack number) Header length: 20 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 16384 Checksum: 0x69c8 [correct] [Good Checksum: True] [Bad Checksum: False] TCP segment data (1460 bytes) No. Time Source Destination Protocol Info 506 12.802634 172.28.186.27 208.117.224.240 TCP aspen-services > http [ACK] Seq=3089 Ack=93223 Win=183960 Len=0 Frame 506 (54 bytes on wire, 54 bytes captured) Arrival Time: Nov 1, 2008 16:30:00.199596000 [Time delta from previous captured frame: 0.000064000 seconds] [Time delta from previous displayed frame: 0.000064000 seconds] [Time since reference or first frame: 12.802634000 seconds] Frame Number: 506 Frame Length: 54 bytes Capture Length: 54 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Intel_d6:44:84 (00:18:de:d6:44:84), Dst: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Destination: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 172.28.186.27 (172.28.186.27), Dst: 208.117.224.240 (208.117.224.240) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x5938 (22840) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (0x06) Header checksum: 0x89f9 [correct] [Good: True] [Bad : False] Source: 172.28.186.27 (172.28.186.27) Destination: 208.117.224.240 (208.117.224.240) Transmission Control Protocol, Src Port: aspen-services (1749), Dst Port: http (80), Seq: 3089, Ack: 93223, Len: 0 Source port: aspen-services (1749) Destination port: http (80) Sequence number: 3089 (relative sequence number) Acknowledgement number: 93223 (relative ack number) Header length: 20 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 183960 (scaled) Checksum: 0x3550 [correct] [Good Checksum: True] [Bad Checksum: False] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 505] [The RTT to ACK the segment was: 0.000064000 seconds] No. Time Source Destination Protocol Info 507 12.803090 208.117.224.240 172.28.186.27 TCP [TCP segment of a reassembled PDU] Frame 507 (1514 bytes on wire, 1514 bytes captured) Arrival Time: Nov 1, 2008 16:30:00.200052000 [Time delta from previous captured frame: 0.000456000 seconds] [Time delta from previous displayed frame: 0.000456000 seconds] [Time since reference or first frame: 12.803090000 seconds] Frame Number: 507 Frame Length: 1514 bytes Capture Length: 1514 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Intel_a6:a7:cb (00:02:b3:a6:a7:cb), Dst: Intel_d6:44:84 (00:18:de:d6:44:84) Destination: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 208.117.224.240 (208.117.224.240), Dst: 172.28.186.27 (172.28.186.27) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 1500 Identification: 0x130a (4874) Flags: 0x00 0... = Reserved bit: Not set .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 60 Protocol: TCP (0x06) Header checksum: 0x4e74 [correct] [Good: True] [Bad : False] Source: 208.117.224.240 (208.117.224.240) Destination: 172.28.186.27 (172.28.186.27) Transmission Control Protocol, Src Port: http (80), Dst Port: aspen-services (1749), Seq: 93223, Ack: 3089, Len: 1460 Source port: http (80) Destination port: aspen-services (1749) Sequence number: 93223 (relative sequence number) [Next sequence number: 94683 (relative sequence number)] Acknowledgement number: 3089 (relative ack number) Header length: 20 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 16384 Checksum: 0x4c3a [correct] [Good Checksum: True] [Bad Checksum: False] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 506] [The RTT to ACK the segment was: 0.000456000 seconds] TCP segment data (1460 bytes) No. Time Source Destination Protocol Info 508 12.811441 208.117.224.240 172.28.186.27 TCP [TCP Previous segment lost] [TCP segment of a reassembled PDU] Frame 508 (1514 bytes on wire, 1514 bytes captured) Arrival Time: Nov 1, 2008 16:30:00.208403000 [Time delta from previous captured frame: 0.008351000 seconds] [Time delta from previous displayed frame: 0.008351000 seconds] [Time since reference or first frame: 12.811441000 seconds] Frame Number: 508 Frame Length: 1514 bytes Capture Length: 1514 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: Bad TCP] [Coloring Rule String: tcp.analysis.flags] Ethernet II, Src: Intel_a6:a7:cb (00:02:b3:a6:a7:cb), Dst: Intel_d6:44:84 (00:18:de:d6:44:84) Destination: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 208.117.224.240 (208.117.224.240), Dst: 172.28.186.27 (172.28.186.27) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 1500 Identification: 0x150a (5386) Flags: 0x00 0... = Reserved bit: Not set .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 60 Protocol: TCP (0x06) Header checksum: 0x4c74 [correct] [Good: True] [Bad : False] Source: 208.117.224.240 (208.117.224.240) Destination: 172.28.186.27 (172.28.186.27) Transmission Control Protocol, Src Port: http (80), Dst Port: aspen-services (1749), Seq: 96143, Ack: 3089, Len: 1460 Source port: http (80) Destination port: aspen-services (1749) Sequence number: 96143 (relative sequence number) [Next sequence number: 97603 (relative sequence number)] Acknowledgement number: 3089 (relative ack number) Header length: 20 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 16384 Checksum: 0xb46d [correct] [Good Checksum: True] [Bad Checksum: False] [SEQ/ACK analysis] [TCP Analysis Flags] [A segment before this frame was lost] TCP segment data (1460 bytes) No. Time Source Destination Protocol Info 509 12.811512 172.28.186.27 208.117.224.240 TCP aspen-services > http [ACK] Seq=3089 Ack=94683 Win=183960 Len=0 SLE=96143 SRE=97603 Frame 509 (66 bytes on wire, 66 bytes captured) Arrival Time: Nov 1, 2008 16:30:00.208474000 [Time delta from previous captured frame: 0.000071000 seconds] [Time delta from previous displayed frame: 0.000071000 seconds] [Time since reference or first frame: 12.811512000 seconds] Frame Number: 509 Frame Length: 66 bytes Capture Length: 66 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Intel_d6:44:84 (00:18:de:d6:44:84), Dst: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Destination: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 172.28.186.27 (172.28.186.27), Dst: 208.117.224.240 (208.117.224.240) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 52 Identification: 0x593d (22845) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (0x06) Header checksum: 0x89e8 [correct] [Good: True] [Bad : False] Source: 172.28.186.27 (172.28.186.27) Destination: 208.117.224.240 (208.117.224.240) Transmission Control Protocol, Src Port: aspen-services (1749), Dst Port: http (80), Seq: 3089, Ack: 94683, Len: 0 Source port: aspen-services (1749) Destination port: http (80) Sequence number: 3089 (relative sequence number) Acknowledgement number: 94683 (relative ack number) Header length: 32 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 183960 (scaled) Checksum: 0x68de [correct] [Good Checksum: True] [Bad Checksum: False] Options: (12 bytes) NOP NOP SACK: 96143-97603 left edge = 96143 (relative) right edge = 97603 (relative) No. Time Source Destination Protocol Info 510 12.819678 208.117.224.240 172.28.186.27 TCP [TCP segment of a reassembled PDU] Frame 510 (1514 bytes on wire, 1514 bytes captured) Arrival Time: Nov 1, 2008 16:30:00.216640000 [Time delta from previous captured frame: 0.008166000 seconds] [Time delta from previous displayed frame: 0.008166000 seconds] [Time since reference or first frame: 12.819678000 seconds] Frame Number: 510 Frame Length: 1514 bytes Capture Length: 1514 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Intel_a6:a7:cb (00:02:b3:a6:a7:cb), Dst: Intel_d6:44:84 (00:18:de:d6:44:84) Destination: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 208.117.224.240 (208.117.224.240), Dst: 172.28.186.27 (172.28.186.27) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 1500 Identification: 0x160a (5642) Flags: 0x00 0... = Reserved bit: Not set .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 60 Protocol: TCP (0x06) Header checksum: 0x4b74 [correct] [Good: True] [Bad : False] Source: 208.117.224.240 (208.117.224.240) Destination: 172.28.186.27 (172.28.186.27) Transmission Control Protocol, Src Port: http (80), Dst Port: aspen-services (1749), Seq: 97603, Ack: 3089, Len: 1460 Source port: http (80) Destination port: aspen-services (1749) Sequence number: 97603 (relative sequence number) [Next sequence number: 99063 (relative sequence number)] Acknowledgement number: 3089 (relative ack number) Header length: 20 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 16384 Checksum: 0xf04a [correct] [Good Checksum: True] [Bad Checksum: False] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 509] [The RTT to ACK the segment was: 0.008166000 seconds] TCP segment data (1460 bytes) No. Time Source Destination Protocol Info 511 12.819731 172.28.186.27 208.117.224.240 TCP [TCP Dup ACK 509#1] aspen-services > http [ACK] Seq=3089 Ack=94683 Win=183960 Len=0 SLE=96143 SRE=99063 Frame 511 (66 bytes on wire, 66 bytes captured) Arrival Time: Nov 1, 2008 16:30:00.216693000 [Time delta from previous captured frame: 0.000053000 seconds] [Time delta from previous displayed frame: 0.000053000 seconds] [Time since reference or first frame: 12.819731000 seconds] Frame Number: 511 Frame Length: 66 bytes Capture Length: 66 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: Bad TCP] [Coloring Rule String: tcp.analysis.flags] Ethernet II, Src: Intel_d6:44:84 (00:18:de:d6:44:84), Dst: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Destination: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 172.28.186.27 (172.28.186.27), Dst: 208.117.224.240 (208.117.224.240) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 52 Identification: 0x593e (22846) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (0x06) Header checksum: 0x89e7 [correct] [Good: True] [Bad : False] Source: 172.28.186.27 (172.28.186.27) Destination: 208.117.224.240 (208.117.224.240) Transmission Control Protocol, Src Port: aspen-services (1749), Dst Port: http (80), Seq: 3089, Ack: 94683, Len: 0 Source port: aspen-services (1749) Destination port: http (80) Sequence number: 3089 (relative sequence number) Acknowledgement number: 94683 (relative ack number) Header length: 32 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 183960 (scaled) Checksum: 0x632a [correct] [Good Checksum: True] [Bad Checksum: False] Options: (12 bytes) NOP NOP SACK: 96143-99063 left edge = 96143 (relative) right edge = 99063 (relative) [SEQ/ACK analysis] [TCP Analysis Flags] [This is a TCP duplicate ack] [Duplicate ACK #: 1] [Duplicate to the ACK in frame: 509] No. Time Source Destination Protocol Info 520 13.229605 208.117.224.240 172.28.186.27 TCP [TCP Retransmission] [TCP segment of a reassembled PDU] Frame 520 (1514 bytes on wire, 1514 bytes captured) Arrival Time: Nov 1, 2008 16:30:00.626567000 [Time delta from previous captured frame: 0.004341000 seconds] [Time delta from previous displayed frame: 0.409874000 seconds] [Time since reference or first frame: 13.229605000 seconds] Frame Number: 520 Frame Length: 1514 bytes Capture Length: 1514 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: Bad TCP] [Coloring Rule String: tcp.analysis.flags] Ethernet II, Src: Intel_a6:a7:cb (00:02:b3:a6:a7:cb), Dst: Intel_d6:44:84 (00:18:de:d6:44:84) Destination: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 208.117.224.240 (208.117.224.240), Dst: 172.28.186.27 (172.28.186.27) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 1500 Identification: 0x1e0a (7690) Flags: 0x00 0... = Reserved bit: Not set .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 60 Protocol: TCP (0x06) Header checksum: 0x4374 [correct] [Good: True] [Bad : False] Source: 208.117.224.240 (208.117.224.240) Destination: 172.28.186.27 (172.28.186.27) Transmission Control Protocol, Src Port: http (80), Dst Port: aspen-services (1749), Seq: 94683, Ack: 3089, Len: 1460 Source port: http (80) Destination port: aspen-services (1749) Sequence number: 94683 (relative sequence number) [Next sequence number: 96143 (relative sequence number)] Acknowledgement number: 3089 (relative ack number) Header length: 20 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 16384 Checksum: 0xb078 [correct] [Good Checksum: True] [Bad Checksum: False] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 511] [The RTT to ACK the segment was: 0.409874000 seconds] [TCP Analysis Flags] [This frame is a (suspected) retransmission] [The RTO for this segment was: 0.409927000 seconds] [RTO based on delta from frame: 510] TCP segment data (1460 bytes) No. Time Source Destination Protocol Info 521 13.229686 172.28.186.27 208.117.224.240 TCP aspen-services > http [ACK] Seq=3089 Ack=99063 Win=183960 Len=0 Frame 521 (54 bytes on wire, 54 bytes captured) Arrival Time: Nov 1, 2008 16:30:00.626648000 [Time delta from previous captured frame: 0.000081000 seconds] [Time delta from previous displayed frame: 0.000081000 seconds] [Time since reference or first frame: 13.229686000 seconds] Frame Number: 521 Frame Length: 54 bytes Capture Length: 54 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Intel_d6:44:84 (00:18:de:d6:44:84), Dst: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Destination: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 172.28.186.27 (172.28.186.27), Dst: 208.117.224.240 (208.117.224.240) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x594b (22859) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (0x06) Header checksum: 0x89e6 [correct] [Good: True] [Bad : False] Source: 172.28.186.27 (172.28.186.27) Destination: 208.117.224.240 (208.117.224.240) Transmission Control Protocol, Src Port: aspen-services (1749), Dst Port: http (80), Seq: 3089, Ack: 99063, Len: 0 Source port: aspen-services (1749) Destination port: http (80) Sequence number: 3089 (relative sequence number) Acknowledgement number: 99063 (relative ack number) Header length: 20 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 183960 (scaled) Checksum: 0x1e80 [correct] [Good Checksum: True] [Bad Checksum: False] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 510] [The RTT to ACK the segment was: 0.410008000 seconds] No. Time Source Destination Protocol Info 522 13.237493 208.117.224.240 172.28.186.27 TCP [TCP segment of a reassembled PDU] Frame 522 (1514 bytes on wire, 1514 bytes captured) Arrival Time: Nov 1, 2008 16:30:00.634455000 [Time delta from previous captured frame: 0.007807000 seconds] [Time delta from previous displayed frame: 0.007807000 seconds] [Time since reference or first frame: 13.237493000 seconds] Frame Number: 522 Frame Length: 1514 bytes Capture Length: 1514 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Intel_a6:a7:cb (00:02:b3:a6:a7:cb), Dst: Intel_d6:44:84 (00:18:de:d6:44:84) Destination: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 208.117.224.240 (208.117.224.240), Dst: 172.28.186.27 (172.28.186.27) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 1500 Identification: 0x1f0a (7946) Flags: 0x00 0... = Reserved bit: Not set .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 60 Protocol: TCP (0x06) Header checksum: 0x4274 [correct] [Good: True] [Bad : False] Source: 208.117.224.240 (208.117.224.240) Destination: 172.28.186.27 (172.28.186.27) Transmission Control Protocol, Src Port: http (80), Dst Port: aspen-services (1749), Seq: 99063, Ack: 3089, Len: 1460 Source port: http (80) Destination port: aspen-services (1749) Sequence number: 99063 (relative sequence number) [Next sequence number: 100523 (relative sequence number)] Acknowledgement number: 3089 (relative ack number) Header length: 20 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 16384 Checksum: 0xa2f8 [correct] [Good Checksum: True] [Bad Checksum: False] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 521] [The RTT to ACK the segment was: 0.007807000 seconds] TCP segment data (1460 bytes) No. Time Source Destination Protocol Info 523 13.237933 208.117.224.240 172.28.186.27 TCP [TCP segment of a reassembled PDU] Frame 523 (1514 bytes on wire, 1514 bytes captured) Arrival Time: Nov 1, 2008 16:30:00.634895000 [Time delta from previous captured frame: 0.000440000 seconds] [Time delta from previous displayed frame: 0.000440000 seconds] [Time since reference or first frame: 13.237933000 seconds] Frame Number: 523 Frame Length: 1514 bytes Capture Length: 1514 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Intel_a6:a7:cb (00:02:b3:a6:a7:cb), Dst: Intel_d6:44:84 (00:18:de:d6:44:84) Destination: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 208.117.224.240 (208.117.224.240), Dst: 172.28.186.27 (172.28.186.27) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 1500 Identification: 0x200a (8202) Flags: 0x00 0... = Reserved bit: Not set .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 60 Protocol: TCP (0x06) Header checksum: 0x4174 [correct] [Good: True] [Bad : False] Source: 208.117.224.240 (208.117.224.240) Destination: 172.28.186.27 (172.28.186.27) Transmission Control Protocol, Src Port: http (80), Dst Port: aspen-services (1749), Seq: 100523, Ack: 3089, Len: 1460 Source port: http (80) Destination port: aspen-services (1749) Sequence number: 100523 (relative sequence number) [Next sequence number: 101983 (relative sequence number)] Acknowledgement number: 3089 (relative ack number) Header length: 20 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 16384 Checksum: 0xc864 [correct] [Good Checksum: True] [Bad Checksum: False] TCP segment data (1460 bytes) No. Time Source Destination Protocol Info 524 13.237975 172.28.186.27 208.117.224.240 TCP aspen-services > http [ACK] Seq=3089 Ack=101983 Win=183960 Len=0 Frame 524 (54 bytes on wire, 54 bytes captured) Arrival Time: Nov 1, 2008 16:30:00.634937000 [Time delta from previous captured frame: 0.000042000 seconds] [Time delta from previous displayed frame: 0.000042000 seconds] [Time since reference or first frame: 13.237975000 seconds] Frame Number: 524 Frame Length: 54 bytes Capture Length: 54 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Intel_d6:44:84 (00:18:de:d6:44:84), Dst: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Destination: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 172.28.186.27 (172.28.186.27), Dst: 208.117.224.240 (208.117.224.240) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x5953 (22867) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (0x06) Header checksum: 0x89de [correct] [Good: True] [Bad : False] Source: 172.28.186.27 (172.28.186.27) Destination: 208.117.224.240 (208.117.224.240) Transmission Control Protocol, Src Port: aspen-services (1749), Dst Port: http (80), Seq: 3089, Ack: 101983, Len: 0 Source port: aspen-services (1749) Destination port: http (80) Sequence number: 3089 (relative sequence number) Acknowledgement number: 101983 (relative ack number) Header length: 20 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 183960 (scaled) Checksum: 0x1318 [correct] [Good Checksum: True] [Bad Checksum: False] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 523] [The RTT to ACK the segment was: 0.000042000 seconds] No. Time Source Destination Protocol Info 525 13.245471 208.117.224.240 172.28.186.27 TCP [TCP segment of a reassembled PDU] Frame 525 (1514 bytes on wire, 1514 bytes captured) Arrival Time: Nov 1, 2008 16:30:00.642433000 [Time delta from previous captured frame: 0.007496000 seconds] [Time delta from previous displayed frame: 0.007496000 seconds] [Time since reference or first frame: 13.245471000 seconds] Frame Number: 525 Frame Length: 1514 bytes Capture Length: 1514 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Intel_a6:a7:cb (00:02:b3:a6:a7:cb), Dst: Intel_d6:44:84 (00:18:de:d6:44:84) Destination: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 208.117.224.240 (208.117.224.240), Dst: 172.28.186.27 (172.28.186.27) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 1500 Identification: 0x210a (8458) Flags: 0x00 0... = Reserved bit: Not set .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 60 Protocol: TCP (0x06) Header checksum: 0x4074 [correct] [Good: True] [Bad : False] Source: 208.117.224.240 (208.117.224.240) Destination: 172.28.186.27 (172.28.186.27) Transmission Control Protocol, Src Port: http (80), Dst Port: aspen-services (1749), Seq: 101983, Ack: 3089, Len: 1460 Source port: http (80) Destination port: aspen-services (1749) Sequence number: 101983 (relative sequence number) [Next sequence number: 103443 (relative sequence number)] Acknowledgement number: 3089 (relative ack number) Header length: 20 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 16384 Checksum: 0xdc71 [correct] [Good Checksum: True] [Bad Checksum: False] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 524] [The RTT to ACK the segment was: 0.007496000 seconds] TCP segment data (1460 bytes) No. Time Source Destination Protocol Info 526 13.245887 208.117.224.240 172.28.186.27 TCP [TCP Previous segment lost] [TCP segment of a reassembled PDU] Frame 526 (1514 bytes on wire, 1514 bytes captured) Arrival Time: Nov 1, 2008 16:30:00.642849000 [Time delta from previous captured frame: 0.000416000 seconds] [Time delta from previous displayed frame: 0.000416000 seconds] [Time since reference or first frame: 13.245887000 seconds] Frame Number: 526 Frame Length: 1514 bytes Capture Length: 1514 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: Bad TCP] [Coloring Rule String: tcp.analysis.flags] Ethernet II, Src: Intel_a6:a7:cb (00:02:b3:a6:a7:cb), Dst: Intel_d6:44:84 (00:18:de:d6:44:84) Destination: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 208.117.224.240 (208.117.224.240), Dst: 172.28.186.27 (172.28.186.27) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 1500 Identification: 0x230a (8970) Flags: 0x00 0... = Reserved bit: Not set .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 60 Protocol: TCP (0x06) Header checksum: 0x3e74 [correct] [Good: True] [Bad : False] Source: 208.117.224.240 (208.117.224.240) Destination: 172.28.186.27 (172.28.186.27) Transmission Control Protocol, Src Port: http (80), Dst Port: aspen-services (1749), Seq: 104903, Ack: 3089, Len: 1460 Source port: http (80) Destination port: aspen-services (1749) Sequence number: 104903 (relative sequence number) [Next sequence number: 106363 (relative sequence number)] Acknowledgement number: 3089 (relative ack number) Header length: 20 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 16384 Checksum: 0x783b [correct] [Good Checksum: True] [Bad Checksum: False] [SEQ/ACK analysis] [TCP Analysis Flags] [A segment before this frame was lost] TCP segment data (1460 bytes) No. Time Source Destination Protocol Info 527 13.245920 172.28.186.27 208.117.224.240 TCP aspen-services > http [ACK] Seq=3089 Ack=103443 Win=183960 Len=0 SLE=104903 SRE=106363 Frame 527 (66 bytes on wire, 66 bytes captured) Arrival Time: Nov 1, 2008 16:30:00.642882000 [Time delta from previous captured frame: 0.000033000 seconds] [Time delta from previous displayed frame: 0.000033000 seconds] [Time since reference or first frame: 13.245920000 seconds] Frame Number: 527 Frame Length: 66 bytes Capture Length: 66 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Intel_d6:44:84 (00:18:de:d6:44:84), Dst: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Destination: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 172.28.186.27 (172.28.186.27), Dst: 208.117.224.240 (208.117.224.240) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 52 Identification: 0x5958 (22872) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (0x06) Header checksum: 0x89cd [correct] [Good: True] [Bad : False] Source: 172.28.186.27 (172.28.186.27) Destination: 208.117.224.240 (208.117.224.240) Transmission Control Protocol, Src Port: aspen-services (1749), Dst Port: http (80), Seq: 3089, Ack: 103443, Len: 0 Source port: aspen-services (1749) Destination port: http (80) Sequence number: 3089 (relative sequence number) Acknowledgement number: 103443 (relative ack number) Header length: 32 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 183960 (scaled) Checksum: 0x0236 [correct] [Good Checksum: True] [Bad Checksum: False] Options: (12 bytes) NOP NOP SACK: 104903-106363 left edge = 104903 (relative) right edge = 106363 (relative) No. Time Source Destination Protocol Info 528 13.254079 208.117.224.240 172.28.186.27 TCP [TCP segment of a reassembled PDU] Frame 528 (1514 bytes on wire, 1514 bytes captured) Arrival Time: Nov 1, 2008 16:30:00.651041000 [Time delta from previous captured frame: 0.008159000 seconds] [Time delta from previous displayed frame: 0.008159000 seconds] [Time since reference or first frame: 13.254079000 seconds] Frame Number: 528 Frame Length: 1514 bytes Capture Length: 1514 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Intel_a6:a7:cb (00:02:b3:a6:a7:cb), Dst: Intel_d6:44:84 (00:18:de:d6:44:84) Destination: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 208.117.224.240 (208.117.224.240), Dst: 172.28.186.27 (172.28.186.27) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 1500 Identification: 0x240a (9226) Flags: 0x00 0... = Reserved bit: Not set .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 60 Protocol: TCP (0x06) Header checksum: 0x3d74 [correct] [Good: True] [Bad : False] Source: 208.117.224.240 (208.117.224.240) Destination: 172.28.186.27 (172.28.186.27) Transmission Control Protocol, Src Port: http (80), Dst Port: aspen-services (1749), Seq: 106363, Ack: 3089, Len: 1460 Source port: http (80) Destination port: aspen-services (1749) Sequence number: 106363 (relative sequence number) [Next sequence number: 107823 (relative sequence number)] Acknowledgement number: 3089 (relative ack number) Header length: 20 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 16384 Checksum: 0x9dba [correct] [Good Checksum: True] [Bad Checksum: False] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 527] [The RTT to ACK the segment was: 0.008159000 seconds] TCP segment data (1460 bytes) No. Time Source Destination Protocol Info 529 13.254139 172.28.186.27 208.117.224.240 TCP [TCP Dup ACK 527#1] aspen-services > http [ACK] Seq=3089 Ack=103443 Win=183960 Len=0 SLE=104903 SRE=107823 Frame 529 (66 bytes on wire, 66 bytes captured) Arrival Time: Nov 1, 2008 16:30:00.651101000 [Time delta from previous captured frame: 0.000060000 seconds] [Time delta from previous displayed frame: 0.000060000 seconds] [Time since reference or first frame: 13.254139000 seconds] Frame Number: 529 Frame Length: 66 bytes Capture Length: 66 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: Bad TCP] [Coloring Rule String: tcp.analysis.flags] Ethernet II, Src: Intel_d6:44:84 (00:18:de:d6:44:84), Dst: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Destination: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 172.28.186.27 (172.28.186.27), Dst: 208.117.224.240 (208.117.224.240) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 52 Identification: 0x5959 (22873) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (0x06) Header checksum: 0x89cc [correct] [Good: True] [Bad : False] Source: 172.28.186.27 (172.28.186.27) Destination: 208.117.224.240 (208.117.224.240) Transmission Control Protocol, Src Port: aspen-services (1749), Dst Port: http (80), Seq: 3089, Ack: 103443, Len: 0 Source port: aspen-services (1749) Destination port: http (80) Sequence number: 3089 (relative sequence number) Acknowledgement number: 103443 (relative ack number) Header length: 32 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 183960 (scaled) Checksum: 0xfc81 [correct] [Good Checksum: True] [Bad Checksum: False] Options: (12 bytes) NOP NOP SACK: 104903-107823 left edge = 104903 (relative) right edge = 107823 (relative) [SEQ/ACK analysis] [TCP Analysis Flags] [This is a TCP duplicate ack] [Duplicate ACK #: 1] [Duplicate to the ACK in frame: 527] No. Time Source Destination Protocol Info 544 13.657615 208.117.224.240 172.28.186.27 TCP [TCP Retransmission] [TCP segment of a reassembled PDU] Frame 544 (1514 bytes on wire, 1514 bytes captured) Arrival Time: Nov 1, 2008 16:30:01.054577000 [Time delta from previous captured frame: 0.002480000 seconds] [Time delta from previous displayed frame: 0.403476000 seconds] [Time since reference or first frame: 13.657615000 seconds] Frame Number: 544 Frame Length: 1514 bytes Capture Length: 1514 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: Bad TCP] [Coloring Rule String: tcp.analysis.flags] Ethernet II, Src: Intel_a6:a7:cb (00:02:b3:a6:a7:cb), Dst: Intel_d6:44:84 (00:18:de:d6:44:84) Destination: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 208.117.224.240 (208.117.224.240), Dst: 172.28.186.27 (172.28.186.27) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 1500 Identification: 0x2c0a (11274) Flags: 0x00 0... = Reserved bit: Not set .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 60 Protocol: TCP (0x06) Header checksum: 0x3574 [correct] [Good: True] [Bad : False] Source: 208.117.224.240 (208.117.224.240) Destination: 172.28.186.27 (172.28.186.27) Transmission Control Protocol, Src Port: http (80), Dst Port: aspen-services (1749), Seq: 103443, Ack: 3089, Len: 1460 Source port: http (80) Destination port: aspen-services (1749) Sequence number: 103443 (relative sequence number) [Next sequence number: 104903 (relative sequence number)] Acknowledgement number: 3089 (relative ack number) Header length: 20 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 16384 Checksum: 0x4bd2 [correct] [Good Checksum: True] [Bad Checksum: False] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 529] [The RTT to ACK the segment was: 0.403476000 seconds] [TCP Analysis Flags] [This frame is a (suspected) retransmission] [The RTO for this segment was: 0.403536000 seconds] [RTO based on delta from frame: 528] TCP segment data (1460 bytes) No. Time Source Destination Protocol Info 545 13.657704 172.28.186.27 208.117.224.240 TCP aspen-services > http [ACK] Seq=3089 Ack=107823 Win=183960 Len=0 Frame 545 (54 bytes on wire, 54 bytes captured) Arrival Time: Nov 1, 2008 16:30:01.054666000 [Time delta from previous captured frame: 0.000089000 seconds] [Time delta from previous displayed frame: 0.000089000 seconds] [Time since reference or first frame: 13.657704000 seconds] Frame Number: 545 Frame Length: 54 bytes Capture Length: 54 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Intel_d6:44:84 (00:18:de:d6:44:84), Dst: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Destination: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 172.28.186.27 (172.28.186.27), Dst: 208.117.224.240 (208.117.224.240) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x596f (22895) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (0x06) Header checksum: 0x89c2 [correct] [Good: True] [Bad : False] Source: 172.28.186.27 (172.28.186.27) Destination: 208.117.224.240 (208.117.224.240) Transmission Control Protocol, Src Port: aspen-services (1749), Dst Port: http (80), Seq: 3089, Ack: 107823, Len: 0 Source port: aspen-services (1749) Destination port: http (80) Sequence number: 3089 (relative sequence number) Acknowledgement number: 107823 (relative ack number) Header length: 20 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 183960 (scaled) Checksum: 0xfc47 [correct] [Good Checksum: True] [Bad Checksum: False] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 528] [The RTT to ACK the segment was: 0.403625000 seconds] No. Time Source Destination Protocol Info 546 13.673483 208.117.224.240 172.28.186.27 TCP [TCP segment of a reassembled PDU] Frame 546 (1514 bytes on wire, 1514 bytes captured) Arrival Time: Nov 1, 2008 16:30:01.070445000 [Time delta from previous captured frame: 0.015779000 seconds] [Time delta from previous displayed frame: 0.015779000 seconds] [Time since reference or first frame: 13.673483000 seconds] Frame Number: 546 Frame Length: 1514 bytes Capture Length: 1514 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Intel_a6:a7:cb (00:02:b3:a6:a7:cb), Dst: Intel_d6:44:84 (00:18:de:d6:44:84) Destination: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 208.117.224.240 (208.117.224.240), Dst: 172.28.186.27 (172.28.186.27) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 1500 Identification: 0x2d0a (11530) Flags: 0x00 0... = Reserved bit: Not set .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 60 Protocol: TCP (0x06) Header checksum: 0x3474 [correct] [Good: True] [Bad : False] Source: 208.117.224.240 (208.117.224.240) Destination: 172.28.186.27 (172.28.186.27) Transmission Control Protocol, Src Port: http (80), Dst Port: aspen-services (1749), Seq: 107823, Ack: 3089, Len: 1460 Source port: http (80) Destination port: aspen-services (1749) Sequence number: 107823 (relative sequence number) [Next sequence number: 109283 (relative sequence number)] Acknowledgement number: 3089 (relative ack number) Header length: 20 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 16384 Checksum: 0xb9a3 [correct] [Good Checksum: True] [Bad Checksum: False] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 545] [The RTT to ACK the segment was: 0.015779000 seconds] TCP segment data (1460 bytes) No. Time Source Destination Protocol Info 549 13.857758 172.28.186.27 208.117.224.240 TCP aspen-services > http [ACK] Seq=3089 Ack=109283 Win=183960 Len=0 Frame 549 (54 bytes on wire, 54 bytes captured) Arrival Time: Nov 1, 2008 16:30:01.254720000 [Time delta from previous captured frame: 0.145358000 seconds] [Time delta from previous displayed frame: 0.184275000 seconds] [Time since reference or first frame: 13.857758000 seconds] Frame Number: 549 Frame Length: 54 bytes Capture Length: 54 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Intel_d6:44:84 (00:18:de:d6:44:84), Dst: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Destination: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 172.28.186.27 (172.28.186.27), Dst: 208.117.224.240 (208.117.224.240) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x5979 (22905) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (0x06) Header checksum: 0x89b8 [correct] [Good: True] [Bad : False] Source: 172.28.186.27 (172.28.186.27) Destination: 208.117.224.240 (208.117.224.240) Transmission Control Protocol, Src Port: aspen-services (1749), Dst Port: http (80), Seq: 3089, Ack: 109283, Len: 0 Source port: aspen-services (1749) Destination port: http (80) Sequence number: 3089 (relative sequence number) Acknowledgement number: 109283 (relative ack number) Header length: 20 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 183960 (scaled) Checksum: 0xf693 [correct] [Good Checksum: True] [Bad Checksum: False] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 546] [The RTT to ACK the segment was: 0.184275000 seconds] No. Time Source Destination Protocol Info 550 13.911566 208.117.224.240 172.28.186.27 TCP [TCP Previous segment lost] [TCP segment of a reassembled PDU] Frame 550 (1514 bytes on wire, 1514 bytes captured) Arrival Time: Nov 1, 2008 16:30:01.308528000 [Time delta from previous captured frame: 0.053808000 seconds] [Time delta from previous displayed frame: 0.053808000 seconds] [Time since reference or first frame: 13.911566000 seconds] Frame Number: 550 Frame Length: 1514 bytes Capture Length: 1514 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: Bad TCP] [Coloring Rule String: tcp.analysis.flags] Ethernet II, Src: Intel_a6:a7:cb (00:02:b3:a6:a7:cb), Dst: Intel_d6:44:84 (00:18:de:d6:44:84) Destination: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 208.117.224.240 (208.117.224.240), Dst: 172.28.186.27 (172.28.186.27) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 1500 Identification: 0x320a (12810) Flags: 0x00 0... = Reserved bit: Not set .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 60 Protocol: TCP (0x06) Header checksum: 0x2f74 [correct] [Good: True] [Bad : False] Source: 208.117.224.240 (208.117.224.240) Destination: 172.28.186.27 (172.28.186.27) Transmission Control Protocol, Src Port: http (80), Dst Port: aspen-services (1749), Seq: 110743, Ack: 3089, Len: 1460 Source port: http (80) Destination port: aspen-services (1749) Sequence number: 110743 (relative sequence number) [Next sequence number: 112203 (relative sequence number)] Acknowledgement number: 3089 (relative ack number) Header length: 20 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 16384 Checksum: 0x36cf [correct] [Good Checksum: True] [Bad Checksum: False] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 549] [The RTT to ACK the segment was: 0.053808000 seconds] [TCP Analysis Flags] [A segment before this frame was lost] TCP segment data (1460 bytes) No. Time Source Destination Protocol Info 551 13.911647 172.28.186.27 208.117.224.240 TCP [TCP Dup ACK 549#1] aspen-services > http [ACK] Seq=3089 Ack=109283 Win=183960 Len=0 SLE=110743 SRE=112203 Frame 551 (66 bytes on wire, 66 bytes captured) Arrival Time: Nov 1, 2008 16:30:01.308609000 [Time delta from previous captured frame: 0.000081000 seconds] [Time delta from previous displayed frame: 0.000081000 seconds] [Time since reference or first frame: 13.911647000 seconds] Frame Number: 551 Frame Length: 66 bytes Capture Length: 66 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: Bad TCP] [Coloring Rule String: tcp.analysis.flags] Ethernet II, Src: Intel_d6:44:84 (00:18:de:d6:44:84), Dst: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Destination: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 172.28.186.27 (172.28.186.27), Dst: 208.117.224.240 (208.117.224.240) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 52 Identification: 0x597a (22906) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (0x06) Header checksum: 0x89ab [correct] [Good: True] [Bad : False] Source: 172.28.186.27 (172.28.186.27) Destination: 208.117.224.240 (208.117.224.240) Transmission Control Protocol, Src Port: aspen-services (1749), Dst Port: http (80), Seq: 3089, Ack: 109283, Len: 0 Source port: aspen-services (1749) Destination port: http (80) Sequence number: 3089 (relative sequence number) Acknowledgement number: 109283 (relative ack number) Header length: 32 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 183960 (scaled) Checksum: 0xbdc5 [correct] [Good Checksum: True] [Bad Checksum: False] Options: (12 bytes) NOP NOP SACK: 110743-112203 left edge = 110743 (relative) right edge = 112203 (relative) [SEQ/ACK analysis] [TCP Analysis Flags] [This is a TCP duplicate ack] [Duplicate ACK #: 1] [Duplicate to the ACK in frame: 549] No. Time Source Destination Protocol Info 552 13.913938 208.117.224.240 172.28.186.27 TCP [TCP segment of a reassembled PDU] Frame 552 (1514 bytes on wire, 1514 bytes captured) Arrival Time: Nov 1, 2008 16:30:01.310900000 [Time delta from previous captured frame: 0.002291000 seconds] [Time delta from previous displayed frame: 0.002291000 seconds] [Time since reference or first frame: 13.913938000 seconds] Frame Number: 552 Frame Length: 1514 bytes Capture Length: 1514 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Intel_a6:a7:cb (00:02:b3:a6:a7:cb), Dst: Intel_d6:44:84 (00:18:de:d6:44:84) Destination: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 208.117.224.240 (208.117.224.240), Dst: 172.28.186.27 (172.28.186.27) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 1500 Identification: 0x330a (13066) Flags: 0x00 0... = Reserved bit: Not set .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 60 Protocol: TCP (0x06) Header checksum: 0x2e74 [correct] [Good: True] [Bad : False] Source: 208.117.224.240 (208.117.224.240) Destination: 172.28.186.27 (172.28.186.27) Transmission Control Protocol, Src Port: http (80), Dst Port: aspen-services (1749), Seq: 112203, Ack: 3089, Len: 1460 Source port: http (80) Destination port: aspen-services (1749) Sequence number: 112203 (relative sequence number) [Next sequence number: 113663 (relative sequence number)] Acknowledgement number: 3089 (relative ack number) Header length: 20 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 16384 Checksum: 0x4c89 [correct] [Good Checksum: True] [Bad Checksum: False] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 551] [The RTT to ACK the segment was: 0.002291000 seconds] TCP segment data (1460 bytes) No. Time Source Destination Protocol Info 553 13.913987 172.28.186.27 208.117.224.240 TCP [TCP Dup ACK 549#2] aspen-services > http [ACK] Seq=3089 Ack=109283 Win=183960 Len=0 SLE=110743 SRE=113663 Frame 553 (66 bytes on wire, 66 bytes captured) Arrival Time: Nov 1, 2008 16:30:01.310949000 [Time delta from previous captured frame: 0.000049000 seconds] [Time delta from previous displayed frame: 0.000049000 seconds] [Time since reference or first frame: 13.913987000 seconds] Frame Number: 553 Frame Length: 66 bytes Capture Length: 66 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: Bad TCP] [Coloring Rule String: tcp.analysis.flags] Ethernet II, Src: Intel_d6:44:84 (00:18:de:d6:44:84), Dst: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Destination: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 172.28.186.27 (172.28.186.27), Dst: 208.117.224.240 (208.117.224.240) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 52 Identification: 0x597b (22907) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (0x06) Header checksum: 0x89aa [correct] [Good: True] [Bad : False] Source: 172.28.186.27 (172.28.186.27) Destination: 208.117.224.240 (208.117.224.240) Transmission Control Protocol, Src Port: aspen-services (1749), Dst Port: http (80), Seq: 3089, Ack: 109283, Len: 0 Source port: aspen-services (1749) Destination port: http (80) Sequence number: 3089 (relative sequence number) Acknowledgement number: 109283 (relative ack number) Header length: 32 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 183960 (scaled) Checksum: 0xb811 [correct] [Good Checksum: True] [Bad Checksum: False] Options: (12 bytes) NOP NOP SACK: 110743-113663 left edge = 110743 (relative) right edge = 113663 (relative) [SEQ/ACK analysis] [TCP Analysis Flags] [This is a TCP duplicate ack] [Duplicate ACK #: 2] [Duplicate to the ACK in frame: 549] No. Time Source Destination Protocol Info 554 14.393602 208.117.224.240 172.28.186.27 TCP [TCP Retransmission] [TCP segment of a reassembled PDU] Frame 554 (1514 bytes on wire, 1514 bytes captured) Arrival Time: Nov 1, 2008 16:30:01.790564000 [Time delta from previous captured frame: 0.479615000 seconds] [Time delta from previous displayed frame: 0.479615000 seconds] [Time since reference or first frame: 14.393602000 seconds] Frame Number: 554 Frame Length: 1514 bytes Capture Length: 1514 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: Bad TCP] [Coloring Rule String: tcp.analysis.flags] Ethernet II, Src: Intel_a6:a7:cb (00:02:b3:a6:a7:cb), Dst: Intel_d6:44:84 (00:18:de:d6:44:84) Destination: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 208.117.224.240 (208.117.224.240), Dst: 172.28.186.27 (172.28.186.27) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 1500 Identification: 0x390a (14602) Flags: 0x00 0... = Reserved bit: Not set .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 60 Protocol: TCP (0x06) Header checksum: 0x2874 [correct] [Good: True] [Bad : False] Source: 208.117.224.240 (208.117.224.240) Destination: 172.28.186.27 (172.28.186.27) Transmission Control Protocol, Src Port: http (80), Dst Port: aspen-services (1749), Seq: 109283, Ack: 3089, Len: 1460 Source port: http (80) Destination port: aspen-services (1749) Sequence number: 109283 (relative sequence number) [Next sequence number: 110743 (relative sequence number)] Acknowledgement number: 3089 (relative ack number) Header length: 20 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 16384 Checksum: 0x89f6 [correct] [Good Checksum: True] [Bad Checksum: False] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 553] [The RTT to ACK the segment was: 0.479615000 seconds] [TCP Analysis Flags] [This frame is a (suspected) retransmission] [The RTO for this segment was: 0.479664000 seconds] [RTO based on delta from frame: 552] TCP segment data (1460 bytes) No. Time Source Destination Protocol Info 555 14.393744 172.28.186.27 208.117.224.240 TCP aspen-services > http [ACK] Seq=3089 Ack=113663 Win=183960 Len=0 Frame 555 (54 bytes on wire, 54 bytes captured) Arrival Time: Nov 1, 2008 16:30:01.790706000 [Time delta from previous captured frame: 0.000142000 seconds] [Time delta from previous displayed frame: 0.000142000 seconds] [Time since reference or first frame: 14.393744000 seconds] Frame Number: 555 Frame Length: 54 bytes Capture Length: 54 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Intel_d6:44:84 (00:18:de:d6:44:84), Dst: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Destination: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 172.28.186.27 (172.28.186.27), Dst: 208.117.224.240 (208.117.224.240) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x597c (22908) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (0x06) Header checksum: 0x89b5 [correct] [Good: True] [Bad : False] Source: 172.28.186.27 (172.28.186.27) Destination: 208.117.224.240 (208.117.224.240) Transmission Control Protocol, Src Port: aspen-services (1749), Dst Port: http (80), Seq: 3089, Ack: 113663, Len: 0 Source port: aspen-services (1749) Destination port: http (80) Sequence number: 3089 (relative sequence number) Acknowledgement number: 113663 (relative ack number) Header length: 20 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 183960 (scaled) Checksum: 0xe577 [correct] [Good Checksum: True] [Bad Checksum: False] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 552] [The RTT to ACK the segment was: 0.479806000 seconds] No. Time Source Destination Protocol Info 556 14.400717 208.117.224.240 172.28.186.27 TCP [TCP segment of a reassembled PDU] Frame 556 (1514 bytes on wire, 1514 bytes captured) Arrival Time: Nov 1, 2008 16:30:01.797679000 [Time delta from previous captured frame: 0.006973000 seconds] [Time delta from previous displayed frame: 0.006973000 seconds] [Time since reference or first frame: 14.400717000 seconds] Frame Number: 556 Frame Length: 1514 bytes Capture Length: 1514 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Intel_a6:a7:cb (00:02:b3:a6:a7:cb), Dst: Intel_d6:44:84 (00:18:de:d6:44:84) Destination: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 208.117.224.240 (208.117.224.240), Dst: 172.28.186.27 (172.28.186.27) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 1500 Identification: 0x3a0a (14858) Flags: 0x00 0... = Reserved bit: Not set .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 60 Protocol: TCP (0x06) Header checksum: 0x2774 [correct] [Good: True] [Bad : False] Source: 208.117.224.240 (208.117.224.240) Destination: 172.28.186.27 (172.28.186.27) Transmission Control Protocol, Src Port: http (80), Dst Port: aspen-services (1749), Seq: 113663, Ack: 3089, Len: 1460 Source port: http (80) Destination port: aspen-services (1749) Sequence number: 113663 (relative sequence number) [Next sequence number: 115123 (relative sequence number)] Acknowledgement number: 3089 (relative ack number) Header length: 20 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 16384 Checksum: 0x40d2 [correct] [Good Checksum: True] [Bad Checksum: False] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 555] [The RTT to ACK the segment was: 0.006973000 seconds] TCP segment data (1460 bytes) No. Time Source Destination Protocol Info 557 14.401273 208.117.224.240 172.28.186.27 TCP [TCP segment of a reassembled PDU] Frame 557 (1514 bytes on wire, 1514 bytes captured) Arrival Time: Nov 1, 2008 16:30:01.798235000 [Time delta from previous captured frame: 0.000556000 seconds] [Time delta from previous displayed frame: 0.000556000 seconds] [Time since reference or first frame: 14.401273000 seconds] Frame Number: 557 Frame Length: 1514 bytes Capture Length: 1514 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Intel_a6:a7:cb (00:02:b3:a6:a7:cb), Dst: Intel_d6:44:84 (00:18:de:d6:44:84) Destination: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 208.117.224.240 (208.117.224.240), Dst: 172.28.186.27 (172.28.186.27) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 1500 Identification: 0x3b0a (15114) Flags: 0x00 0... = Reserved bit: Not set .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 60 Protocol: TCP (0x06) Header checksum: 0x2674 [correct] [Good: True] [Bad : False] Source: 208.117.224.240 (208.117.224.240) Destination: 172.28.186.27 (172.28.186.27) Transmission Control Protocol, Src Port: http (80), Dst Port: aspen-services (1749), Seq: 115123, Ack: 3089, Len: 1460 Source port: http (80) Destination port: aspen-services (1749) Sequence number: 115123 (relative sequence number) [Next sequence number: 116583 (relative sequence number)] Acknowledgement number: 3089 (relative ack number) Header length: 20 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 16384 Checksum: 0x05dd [correct] [Good Checksum: True] [Bad Checksum: False] TCP segment data (1460 bytes) No. Time Source Destination Protocol Info 558 14.401315 172.28.186.27 208.117.224.240 TCP aspen-services > http [ACK] Seq=3089 Ack=116583 Win=183960 Len=0 Frame 558 (54 bytes on wire, 54 bytes captured) Arrival Time: Nov 1, 2008 16:30:01.798277000 [Time delta from previous captured frame: 0.000042000 seconds] [Time delta from previous displayed frame: 0.000042000 seconds] [Time since reference or first frame: 14.401315000 seconds] Frame Number: 558 Frame Length: 54 bytes Capture Length: 54 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Intel_d6:44:84 (00:18:de:d6:44:84), Dst: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Destination: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 172.28.186.27 (172.28.186.27), Dst: 208.117.224.240 (208.117.224.240) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x5983 (22915) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (0x06) Header checksum: 0x89ae [correct] [Good: True] [Bad : False] Source: 172.28.186.27 (172.28.186.27) Destination: 208.117.224.240 (208.117.224.240) Transmission Control Protocol, Src Port: aspen-services (1749), Dst Port: http (80), Seq: 3089, Ack: 116583, Len: 0 Source port: aspen-services (1749) Destination port: http (80) Sequence number: 3089 (relative sequence number) Acknowledgement number: 116583 (relative ack number) Header length: 20 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 183960 (scaled) Checksum: 0xda0f [correct] [Good Checksum: True] [Bad Checksum: False] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 557] [The RTT to ACK the segment was: 0.000042000 seconds] No. Time Source Destination Protocol Info 559 14.406589 208.117.224.240 172.28.186.27 TCP [TCP segment of a reassembled PDU] Frame 559 (1514 bytes on wire, 1514 bytes captured) Arrival Time: Nov 1, 2008 16:30:01.803551000 [Time delta from previous captured frame: 0.005274000 seconds] [Time delta from previous displayed frame: 0.005274000 seconds] [Time since reference or first frame: 14.406589000 seconds] Frame Number: 559 Frame Length: 1514 bytes Capture Length: 1514 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Intel_a6:a7:cb (00:02:b3:a6:a7:cb), Dst: Intel_d6:44:84 (00:18:de:d6:44:84) Destination: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 208.117.224.240 (208.117.224.240), Dst: 172.28.186.27 (172.28.186.27) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 1500 Identification: 0x3c0a (15370) Flags: 0x00 0... = Reserved bit: Not set .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 60 Protocol: TCP (0x06) Header checksum: 0x2574 [correct] [Good: True] [Bad : False] Source: 208.117.224.240 (208.117.224.240) Destination: 172.28.186.27 (172.28.186.27) Transmission Control Protocol, Src Port: http (80), Dst Port: aspen-services (1749), Seq: 116583, Ack: 3089, Len: 1460 Source port: http (80) Destination port: aspen-services (1749) Sequence number: 116583 (relative sequence number) [Next sequence number: 118043 (relative sequence number)] Acknowledgement number: 3089 (relative ack number) Header length: 20 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 16384 Checksum: 0xbf5f [correct] [Good Checksum: True] [Bad Checksum: False] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 558] [The RTT to ACK the segment was: 0.005274000 seconds] TCP segment data (1460 bytes) No. Time Source Destination Protocol Info 560 14.408277 208.117.224.240 172.28.186.27 TCP [TCP segment of a reassembled PDU] Frame 560 (1514 bytes on wire, 1514 bytes captured) Arrival Time: Nov 1, 2008 16:30:01.805239000 [Time delta from previous captured frame: 0.001688000 seconds] [Time delta from previous displayed frame: 0.001688000 seconds] [Time since reference or first frame: 14.408277000 seconds] Frame Number: 560 Frame Length: 1514 bytes Capture Length: 1514 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Intel_a6:a7:cb (00:02:b3:a6:a7:cb), Dst: Intel_d6:44:84 (00:18:de:d6:44:84) Destination: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 208.117.224.240 (208.117.224.240), Dst: 172.28.186.27 (172.28.186.27) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 1500 Identification: 0x3d0a (15626) Flags: 0x00 0... = Reserved bit: Not set .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 60 Protocol: TCP (0x06) Header checksum: 0x2474 [correct] [Good: True] [Bad : False] Source: 208.117.224.240 (208.117.224.240) Destination: 172.28.186.27 (172.28.186.27) Transmission Control Protocol, Src Port: http (80), Dst Port: aspen-services (1749), Seq: 118043, Ack: 3089, Len: 1460 Source port: http (80) Destination port: aspen-services (1749) Sequence number: 118043 (relative sequence number) [Next sequence number: 119503 (relative sequence number)] Acknowledgement number: 3089 (relative ack number) Header length: 20 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 16384 Checksum: 0x3454 [correct] [Good Checksum: True] [Bad Checksum: False] TCP segment data (1460 bytes) No. Time Source Destination Protocol Info 561 14.408343 172.28.186.27 208.117.224.240 TCP aspen-services > http [ACK] Seq=3089 Ack=119503 Win=183960 Len=0 Frame 561 (54 bytes on wire, 54 bytes captured) Arrival Time: Nov 1, 2008 16:30:01.805305000 [Time delta from previous captured frame: 0.000066000 seconds] [Time delta from previous displayed frame: 0.000066000 seconds] [Time since reference or first frame: 14.408343000 seconds] Frame Number: 561 Frame Length: 54 bytes Capture Length: 54 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Intel_d6:44:84 (00:18:de:d6:44:84), Dst: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Destination: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 172.28.186.27 (172.28.186.27), Dst: 208.117.224.240 (208.117.224.240) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x5988 (22920) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (0x06) Header checksum: 0x89a9 [correct] [Good: True] [Bad : False] Source: 172.28.186.27 (172.28.186.27) Destination: 208.117.224.240 (208.117.224.240) Transmission Control Protocol, Src Port: aspen-services (1749), Dst Port: http (80), Seq: 3089, Ack: 119503, Len: 0 Source port: aspen-services (1749) Destination port: http (80) Sequence number: 3089 (relative sequence number) Acknowledgement number: 119503 (relative ack number) Header length: 20 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 183960 (scaled) Checksum: 0xcea7 [correct] [Good Checksum: True] [Bad Checksum: False] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 560] [The RTT to ACK the segment was: 0.000066000 seconds] No. Time Source Destination Protocol Info 562 14.411169 208.117.224.240 172.28.186.27 TCP [TCP segment of a reassembled PDU] Frame 562 (1514 bytes on wire, 1514 bytes captured) Arrival Time: Nov 1, 2008 16:30:01.808131000 [Time delta from previous captured frame: 0.002826000 seconds] [Time delta from previous displayed frame: 0.002826000 seconds] [Time since reference or first frame: 14.411169000 seconds] Frame Number: 562 Frame Length: 1514 bytes Capture Length: 1514 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Intel_a6:a7:cb (00:02:b3:a6:a7:cb), Dst: Intel_d6:44:84 (00:18:de:d6:44:84) Destination: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 208.117.224.240 (208.117.224.240), Dst: 172.28.186.27 (172.28.186.27) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 1500 Identification: 0x3e0a (15882) Flags: 0x00 0... = Reserved bit: Not set .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 60 Protocol: TCP (0x06) Header checksum: 0x2374 [correct] [Good: True] [Bad : False] Source: 208.117.224.240 (208.117.224.240) Destination: 172.28.186.27 (172.28.186.27) Transmission Control Protocol, Src Port: http (80), Dst Port: aspen-services (1749), Seq: 119503, Ack: 3089, Len: 1460 Source port: http (80) Destination port: aspen-services (1749) Sequence number: 119503 (relative sequence number) [Next sequence number: 120963 (relative sequence number)] Acknowledgement number: 3089 (relative ack number) Header length: 20 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 16384 Checksum: 0x5d5a [correct] [Good Checksum: True] [Bad Checksum: False] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 561] [The RTT to ACK the segment was: 0.002826000 seconds] TCP segment data (1460 bytes) No. Time Source Destination Protocol Info 563 14.415392 208.117.224.240 172.28.186.27 TCP [TCP segment of a reassembled PDU] Frame 563 (1514 bytes on wire, 1514 bytes captured) Arrival Time: Nov 1, 2008 16:30:01.812354000 [Time delta from previous captured frame: 0.004223000 seconds] [Time delta from previous displayed frame: 0.004223000 seconds] [Time since reference or first frame: 14.415392000 seconds] Frame Number: 563 Frame Length: 1514 bytes Capture Length: 1514 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Intel_a6:a7:cb (00:02:b3:a6:a7:cb), Dst: Intel_d6:44:84 (00:18:de:d6:44:84) Destination: Intel_d6:44:84 (00:18:de:d6:44:84) Address: Intel_d6:44:84 (00:18:de:d6:44:84) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) Address: Intel_a6:a7:cb (00:02:b3:a6:a7:cb) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 208.117.224.240 (208.117.224.240), Dst: 172.28.186.27 (172.28.186.27) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 1500 Identification: 0x3f0a (16138) Flags: 0x00 0... = Reserved bit: Not set .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 60 Protocol: TCP (0x06) Header checksum: 0x2274 [correct] [Good: True] [Bad : False] Source: 208.117.224.240 (208.117.224.240) Destination: 172.28.186.27 (172.28.186.27) Transmission Control Protocol, Src Port: http (80), Dst Port: aspen-services (1749), Seq: 120963, Ack: 3089, Len: 1460 Source port: http (80) Destination port: aspen-services (1749) Sequence number: 120963 (relative sequence number) [Next sequence number: 122423 (relative sequence number)] Acknowledgement number: 3089 (relative